Microsegmentation is a technique that enables security architects to logically divide the data center into distinct security segments down to the individual workload level, and then define security controls for each unique segment. DevSecOps teams rely on microsegmentation to protect multi-tenant environments from exploitation, and prevent tenants from accessing data from any other tenant.
By default, Kubernetes is an open system with no built-in security controls. Without east-west controls like microsegmentation, a cyberattacker, having gained unauthorized access, can move laterally within a cluster in search of sensitive data and other high-value assets. Given the large attack area within a Kubernetes cluster it’s essential to isolate endpoints and prevent lateral movement.
Every cloud and hosting environment, for example AWS security Groups, VMware NSX, and Google Cloud Firewalls, uses its own implementation of segmentation. Each of these uses different tools and requires different skill-sets to implement. However, none of these can integrate with other implementations, which limits their applicability, creates silos and can lead to unnecessary deployment of multiple, disparate segmentation solutions.
Calico provides a unified, cloud-native segmentation model and single policy framework that makes multiple, siloed approaches a thing of the past, and works across all of your existing microservices environments. Calico’s unified solution is an operationally simpler replacement for multiple, costly, proprietary approaches and the skillsets required to manage them.
Eliminates the risks associated with lateral movement in the cluster by cyberattackers in search of sensitive data and other high-value assets
Eliminates the operational inefficiencies of deploying multiple siloed segmentation solutions by providing a single, unified security model and single-policy framework that works seamlessly across multiple application and workload environments
Enables faster response to security threats with a cloud-native distributed architecture that can dynamically enforce security policy changes across cloud-scale environments in milliseconds in response to an attack
Calico’s segmentation solution with a unified policy framework works across all of your existing environments: any combination of cloud providers, cloud instances, Kubernetes distributions, containers, virtual machines, and bare metals. Calico enables full workload portability and the ability to define segmentation policies for multi-cloud and hybrid connections. Calico is built for cloud scale and provides you with the ability to roll out security policy changes in milliseconds, while legacy segmentation tools take hours.