Calico Cloud

Pay-as-you-go security and observability SaaS platform for containers, Kubernetes, and cloud. Get a live view of dependencies and how all the services are communicating with each other in a multi-cluster, hybrid and multi-cloud environment. Eliminate setup and onboarding steps and troubleshoot your Kubernetes security and observability issues within minutes.


Calico Cloud is a next-generation security and observability SaaS platform for containers, Kubernetes, and cloud. It enables organizations of all sizes to protect their cloud workloads and containers, detect threats, achieve continuous compliance, and troubleshoot service issues in real time across multi-cluster, multi-cloud, and hybrid deployments. Calico Cloud is built on Calico Open Source, the most widely adopted container networking and security solution.

Instead of managing a platform for container and Kubernetes security and observability, teams consume it as a managed service for faster analysis, relevant actions, and end results. They get an understanding of the microservices dependencies, the way to manage, analyze, and troubleshoot performance hotspots, connectivity, and detect anomalies without going through an extensive setup and deployment process. With Calico Cloud, users only pay for services consumed and are billed monthly, getting immediate value without upfront investment.

While Kubernetes provides great flexibility, we’ve learned how challenging it is to secure, observe, and troubleshoot this environment. With the detailed visibility and robust security offered by Calico Cloud via features such as the Dynamic Service Graph, we’re able to observe exactly what is going on, which helps us analyze and troubleshoot far more effectively.

Jeff Puccinelli

Senior DevOps engineer, Mulligan Funding


Kubernetes-native security and observability

Any container, any Kubernetes distribution, any workload, any cloud

Flexible pricing with usage based billing

Get up and running in minutes




North-South Controls

Control north-south traffic, limit access to external endpoints on a per-pod basis, and protect your Kubernetes cluster.

The Calico Cloud Egress Gateway enables you to securely integrate with firewalls, monitoring systems like SIEMs, and other systems that don’t understand the dynamic nature of container orchestration.

You can author DNS Policies that implement fine-grained access controls between a workload and the external services it needs to connect to, like Amazon RDS, ElasticCache, and more.


  • Egress Access Controls
  • Firewall Integrations

East-West Controls

East-West controls enable you to limit the blast radius when a security breach results in an APT (advanced persistent threat). You can perform micro-segmentation for both container and VM workloads. Calico Cloud’s “defense-in-depth” approach provides protection on three levels: host, container/VM and application. Using a single policy framework, you can set controls at all of these levels using a declarative model.


  • Microsegmentation

Enterprise Security and Compliance

If you’re working with sensitive data that falls under regulatory compliance mandates like PCI, HIPAA, SOC 2, or GDPR, Calico Cloud provides data-in-transit encryption with industry-leading performance, as well as compliance reporting for security policies and controls.

Calico Cloud has an incredibly rich Intrusion Detection feature set that includes threat feeds to identify known bad actors like bots, custom alerts for known attacks, anomaly detection, and honeypods. It includes an automated approach to malware detection and response to target and remediate threats like DGA (Domain Generation Algorithm) and the unpatched Kubernetes CVE-2020-8554 vulnerability.


  • Intrusion Detection and Prevention
  • Encryption
  • Compliance and Audit

Observability and Troubleshooting

Distributed applications are very difficult to troubleshoot. Calico solves this problem by dynamically generating a service graph, as well as providing a built-in, UI-driven troubleshooting tool that enables easy monitoring and troubleshooting for microservices.

The Dynamic Service Graph provides a rich set of information with Kubernetes context, including across which namespaces workloads are communicating, detailed DNS information, detailed logs for every flow in your cluster, and how security policies are being evaluated.

Dynamic Packet Capture is a self-service, on-demand tool for capturing and evaluating traffic for a specific pod or collection of pods based on secure user access. It allows you to monitor how microservices are behaving and interacting with each other at runtime.


  • Dynamic Service Graph
  • Application-Level Observability
  • Dynamic Packet Capture
  • DNS Dashboard

Unified Controls

Unified controls are required for consistent security and observability across multi-cluster, multi-cloud and hybrid cloud environments. Calico Cloud provides a single pane of glass to ensure consistent application of security controls across both containers and VMs in heterogeneous environments. Unified controls reduce the complexity for DevOps teams running the clusters by supporting self-service security and CI/CD integration. Using “Security as code”, Calico Cloud fully automates the cluster-wide, end-to-end policy deployment process including any necessary security changes.

Built on Calico Open Source, the most widely adopted networking and security solution for containers and Kubernetes, Calico Cloud also supports third-party CNIs including EKS VPC, Azure CNI, and GKE to expand your choice of public cloud providers.


  • Unified Controls for Security & Observability across Multi-cloud & Hybrid environments

Shift Left Security

Developers, DevOps teams, and SREs want to follow a simple workflow and generate security policies with minimal effort in their code. Calico Cloud allows them to create their own security policies within their tiers and customize permissions based on organizational structure.

Calico ensures the policies in the left-most tiers are given precedence over the right. Tiers are a Kubernetes object, so you can control who can view/modify policies in specific tiers. Every change of record to tiers and policies is captured, enabling you or auditors to go back in time for review or troubleshooting purposes.


  • Policy Automation

Key Features

How It Works


Get container and Kubernetes networking, security, and observability with Calico Cloud in minutes for any distribution across public cloud providers.

Get Started


Solution Brief

Learn more

Free eBook


Calico Cloud Datasheet

Learn more

Latest Content

How to Monitor Calico’s eBPF Data Plane for Proactive Cluster Management

How to Monitor Calico’s eBPF Data Plane for Proactive Cluster Management

By Chris Tomkins on Jan 18, 2022

Monitoring is a critical part of any computer system that has been brought in to a production-ready state. No IT system exists in true isolation, and even the simplest systems...

Read more >
4 ways enterprises do container security and cloud-native network security together

4 ways enterprises do container security and cloud-native network security together

By Neeraj Shahdadpuri on Jan 26, 2022

As more organizations adopt microservices based architecture runnning on containers for their cloud-native application, it expands the attack surface at build, deploy and run time. A security approach that only...

Watch here >
AWS Dev Day: Hands-on EKS workshop about cloud-native application security and observability

AWS Dev Day: Hands-on EKS workshop about cloud-native application security and observability

By Neeraj Shahdadpuri on Jan 26, 2022

In this EKS-focused workshop about cloud-native application security and observability, you will work with a Calico and AWS expert to learn how to design, deploy, and observe container security, cloud-native...

Register here >