Extend Enterprise Security to Kubernetes
Bring K8s Into Compliance
Most enterprises have organizational and regulatory security and compliance requirements that apply to any production data environment. If you’re part of a Platform Engineering or IT Operations team and planning to make the leap from pilot to production with your Kubernetes cluster, your company’s Security team will insist that you comply with these controls before you can migrate. For example, you may need to produce audit logs that track changes to security controls. By far, the biggest issue you will have to deal with is implementing zone-based security in k8s.
Challenge: Deploying a Three-Zone Security Architecture in K8s
The traditional three-zone security model (trusted, untrusted, DMZ) has been around for years. Highly dynamic k8s clusters consisting of nodes and pods don’t fit into this architecture. Rules for k8s are defined using label selectors, not IP addresses. Static network policy definitions don’t align with dynamic pod scheduling, creating another barrier. Traditional network security solutions like firewalls and diagnostic tools like packet sniffers are ineffective, so the Platform team, as well as the Security, DevOps and Network teams, have no k8s visibility. And without visibility, there are no audit logs to verify compliance.
Automate, Implement and Scale
Organizations that deploy manual processes to implement existing security controls in k8s quickly discover that it can take several days to make each firewall change. If your company has hundreds or thousands of firewalls, that’s not a viable approach. By applying some simple network policies, Calico Enterprise can implement your three-zone security architecture in K8s. Rules are defined using K8s label selectors instead of IP addresses, and new workloads don’t require new policies, only appropriate labels. Calico Enterprise automates the deployment, making it easy for you to scale as your cluster grows, while you leverage the familiar three-zone processes and infrastructure.
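The label-based zoning described above, sketched with standard Kubernetes NetworkPolicy objects, which Calico enforces. This is an added example, not configuration from the vendor; the `shop` namespace and the `zone` label values are assumptions.

```yaml
# Added example: hypothetical namespace and zone labels, not vendor configuration.
# Zone membership is a pod label (zone=dmz or zone=trusted); the untrusted
# zone is everything outside the cluster and carries no label.
---
# Baseline: every pod in the namespace denies ingress unless a policy below allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop          # hypothetical namespace
spec:
  podSelector: {}
  policyTypes: [Ingress]
---
# DMZ: reachable from any source, including the untrusted zone, but only on HTTPS.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: dmz-ingress
  namespace: shop
spec:
  podSelector:
    matchLabels: {zone: dmz}
  policyTypes: [Ingress]
  ingress:
    - ports:
        - {protocol: TCP, port: 443}
---
# Trusted: reachable only from DMZ or other trusted pods, never directly from outside.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: trusted-ingress
  namespace: shop
spec:
  podSelector:
    matchLabels: {zone: trusted}
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchExpressions:
              - {key: zone, operator: In, values: [dmz, trusted]}
```

A new workload joins a zone by carrying the matching `zone` label in its pod template; no policy edit is needed, and an unlabeled pod stays isolated under the default-deny baseline.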
Remove the Security Blocker: Apply Existing Security and Compliance Controls to K8s
Now you can implement security controls both globally and on a per-app basis. Calico Enterprise generates audit logs that track security changes over time, along with flow logs and evidence reports for audit purposes, not only for Kubernetes but also for cloud instances and static VMs. Now you can quickly address compliance requirements, easily implement security policies designed for dynamic workloads, and automatically create audit-ready reports for the Security team.