Extend Enterprise Security to Kubernetes

Bring K8s Into Compliance

Most enterprises have organizational and regulatory security and compliance requirements that apply to any production data environment. If you’re part of a Platform Engineering or IT Operations team and planning to make the leap from pilot to production with your Kubernetes cluster, your company’s Security team will insist that you comply with these controls before you can migrate. For example, you may need to produce audit logs that track changes to security controls. By far, the biggest issue you will have to deal with is implementing zone-based security in k8s.

Challenge: Deploying a Three-Zone Security Architecture in K8s

The traditional three-zone security model (trusted, untrusted, DMZ) has been around for years, but highly dynamic k8s clusters consisting of nodes and pods don’t fit into this architecture. Rules for k8s are defined using label selectors, not IP addresses, and static network policy definitions don’t align with dynamic pod scheduling, which creates another barrier. Traditional network security solutions like firewalls and diagnostic tools like packet sniffers are ineffective, so the Platform team, as well as the Security, DevOps and Network teams, has no k8s visibility. And without visibility, there are no audit logs to verify compliance.

Automate, Implement and Scale

Organizations that deploy manual processes to implement existing security controls in k8s quickly discover that it can take several days to make each firewall change. If your company has hundreds or thousands of firewalls, that’s not a viable approach. By applying some simple network policies, Calico Enterprise can implement your three-zone security architecture in K8s. Rules are defined using K8s label selectors instead of IP addresses, and new workloads don’t require new policies, only appropriate labels. Calico Enterprise automates the deployment, making it easy for you to scale as your cluster grows, while you leverage the familiar three-zone processes and infrastructure.
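As an added illustration (not Calico Enterprise's own policy format or configuration from this page), the label-based zoning described above can be sketched with the stock Kubernetes NetworkPolicy API. The namespace `prod` and the label key `zone` are assumptions chosen for the example.

```yaml
# Added example: namespace "prod" and label key "zone" are assumptions.
# Baseline: every pod in the namespace is isolated in both directions,
# so a pod with no zone label gets no traffic at all.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: default-deny, namespace: prod}
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# DMZ: reachable from any source, may only open connections to the
# trusted zone, plus DNS lookups (without the DNS rule, name resolution
# breaks as soon as egress is restricted).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: zone-dmz, namespace: prod}
spec:
  podSelector: {matchLabels: {zone: dmz}}
  policyTypes: [Ingress, Egress]
  ingress:
    - {}                      # empty rule = allow all sources
  egress:
    - to:
        - podSelector: {matchLabels: {zone: trusted}}
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - {protocol: UDP, port: 53}
        - {protocol: TCP, port: 53}
---
# Trusted: accepts connections only from DMZ pods. It opens no outbound
# connections (baseline egress deny still applies); replies on accepted
# connections are allowed implicitly.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: zone-trusted, namespace: prod}
spec:
  podSelector: {matchLabels: {zone: trusted}}
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector: {matchLabels: {zone: dmz}}
```

A new workload joins a zone by carrying `zone: dmz` or `zone: trusted` in its pod template; no policy is edited. These objects take effect only when the cluster's network plugin enforces NetworkPolicy.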

Remove the Security Blocker: Apply Existing Security and Compliance Controls to K8s

Now you can implement security controls both globally and on a per-app basis. Calico Enterprise generates audit logs that track security changes over time, along with flow logs and evidence reports for audit purposes, not only for Kubernetes but also for cloud instances and static VMs. Now you can quickly address compliance requirements, easily implement security policies designed for dynamic workloads, and automatically create audit-ready reports for the Security team.
