Tigera announced pay-as-you-go software as a service (SaaS) for Kubernetes security and observability. With Calico Cloud, users only pay for services consumed and are billed monthly, getting immediate value without upfront investment.
Calico Cloud gives DevOps, DevSecOps, and Site Reliability Engineering (SRE) teams a single pane of glass across multi-cluster and multi-cloud Kubernetes environments to deploy a standard set of egress access controls, enforce security policies for compliance, and observe and troubleshoot applications.
According to a Cloud Native Computing Foundation (CNCF) report, the number of Kubernetes deployments is rapidly growing as cloud-native application adoption becomes mainstream. Cloud-native applications are composed of containers and microservices that directly access other cloud services, legacy applications, and applications like SalesForce and Zuora.
Traditional perimeter-based security solutions are unaware of containers and microservices inside a Kubernetes cluster. Moreover, microservices are highly dynamic and ephemeral rendering any static IP address-based security control inadequate. The deployment characteristics of cloud-native applications make them harder to secure, observe and troubleshoot.
Without granular levels of security, there is a potential for unauthorized access to and from microservices. And once a service is compromised, it is easy for the malicious actors to move laterally.
Calico Cloud is Kubernetes-native and provides native extensions to enable security and observability as code for easy and consistent enforcement across Kubernetes distributions, multi-cloud and hybrid environments.
“Without observability, security is incomplete. Calico Cloud combines both to offer DevOps and SREs a simple, resilient, secure, and performant service, so they can focus on what matters most: operating services that are secure, observable, and easy to troubleshoot,” said Ratan Tipirneni, CEO of Tigera.
“With Calico Cloud, users can get started with one use case and add capabilities to address new use cases as their operational requirements change.”
“While Kubernetes provides great flexibility, we’ve learned how challenging it is to secure, observe, and troubleshoot this environment,” said Jeff Puccinelli, senior DevOps engineer, Mulligan Funding.
“With the detailed visibility and robust security offered by Calico Cloud via features such as the Dynamic Service Graph, we’re able to observe exactly what is going on, which helps us analyze and troubleshoot far more effectively.”
Calico Cloud includes the following capabilities:
- Egress access controls: Calico Cloud limits access to and from external endpoints on a “per-pod” basis including access to microservices, cloud databases, cloud services, APIs, and legacy applications.
- East-west security controls: Calico Cloud limits the blast radius when a security breach results in an APT (advanced persistent threat). Calico Cloud’s “defense-in-depth” approach provides protection on three levels: host, container/VM, and application, and can perform micro-segmentation for both container and VM (virtual machine) workloads.
- Security and compliance: Calico Cloud encrypts data-in-transit, and provides intrusion detection with threat feeds of bad actors and known attacks. Using machine learning, CalicoCloud detects anomalies and generates policy recommendations that can be applied in milliseconds to remedy and prevent future attacks. Calico Cloud enables organizations to comply with regulations including PCI, HIPAA, SOC 2, and GDPR.
- Observability and troubleshooting: Calico Cloud generates a Dynamic Service Graph that observes microservices behavior and interactions at run-time and provides detailed information to speed troubleshooting, and automatically identifies and highlights performance hotspots. Software engineers can quickly drill down and identify the source of a problem at the application, process, and socket levels as well as through an automated packet capture function.