Case study: Calico helps Upwork migrate legacy system to Kubernetes on AWS and enforce zero-trust security

Upwork is a freelancing platform that connects a global base of clients to freelancers via job postings. Since going public on the New York Stock Exchange in 2019, the company has become one of the leading freelance platforms worldwide and was named on Time’s list of the 100 Most Influential Companies of 2022.

Upwork’s platform team was running containerized workloads on Consul and Spring Cloud, which required service owners to manually switch to a new code library each time Upwork’s platform team had a new release, and vice versa. This manual switching happened as often as every two months, which was inefficient for a company with over 800 microservices. Also, service owners were not adopting new libraries immediately and could not add upstream and downstream dependencies as needed without going through a review process. Combined, these problems meant that service owners and the cloud engineering and InfoSec teams lacked visibility, were highly susceptible to zero-day attacks and had a slow incident mitigation response.

To solve these problems, Upwork needed to adopt a distributed architecture from the application layer to the network layer. To do this, they required Kubernetes. The switch to Kubernetes meant Upwork’s containers needed to adhere to cloud-native requirements, including resiliency and security measures.

In collaboration with Tigera, Upwork shares the details of how Calico provided a security solution that enabled the company to implement a zero-trust approach and provided visibility into all workload communications.

Case study highlights

In its migration to Kubernetes, Upwork required a security solution that could:

  • Implement a zero-trust approach
  • Provide visibility into all workload communications
  • Enforce a zero-trust, default-deny policy on all workload communications and allow authorized communications only
  • Provide visibility and security controls to service owners as an application-layer architecture
  • Enable the cloud engineering team to see all upstream and downstream dependencies
  • Meet the company’s InfoSec team mandate for zero-trust security to ensure the platform, services, and application were fully protected

The platform team ultimately decided to migrate Upwork’s containers to Kubernetes, hosted on Amazon Web Services’ Elastic Kubernetes Platform (AWS EKS). After testing Calico, Upwork’s platform team deployed Calico as its zero-trust security solution to secure the company’s containerized workloads on EKS.

Find out how Calico helped Upwork secure its EKS clusters in just six months, meet its security team’s zero-trust security mandate, accelerate application rollouts, and more.

Read the case study: Calico helps Upwork migrate legacy system to Kubernetes on AWS and enforce zero-trust security.

Join our mailing list

Get updates on blog posts, workshops, certification programs, new releases, and more!