Rafay Systems announces two new services for Kubernetes clusters and modern applications

Rafay Systems announced two new services – Service Mesh Manager and Network Policy Manager – that empower platform, developer and DevSecOps teams to centrally manage transport security and application traffic for cloud-native applications and Kubernetes clusters deployed across private data centers, public clouds and edge.

Surge in Kubernetes adoption creates challenges for enterprise Kubernetes security

Kubernetes usage continues to experience record growth. According to the Cloud Native Computing Foundation (CNCF), 96% of organizations are either using or evaluating Kubernetes. This surge has also led to an increase in security risks as enterprises are forced to use disparate DIY tools to secure the communication between application workloads and Kubernetes clusters located across their infrastructure.

Failure to secure both the application and transport layers of the modern technology stack can leave Kubernetes and cloud environments vulnerable to attack by allowing unauthorized access to applications, their data and related resources. In fact, a majority of teams continue to face challenges that have led to at least one security incident in their Kubernetes and container environments within the past 12 months.

“Kubernetes and cloud computing enable rapid innovation, but finding a balance between speed of application delivery and security is challenging, especially as teams scale their Kubernetes projects to meet enterprise demand,” said Janakiram MSV, Principal Analyst at Janakiram and Associates. “I’ve always advocated for a simplified and scalable approach to securing the Kubernetes ecosystem. Solving this long-standing challenge for Kubernetes environments requires standardization, repeatability and consistency. Rafay meets that need. By providing a simple-to-use yet comprehensive platform, Rafay makes it possible for enterprises to quickly scale Kubernetes operations and do so securely.”

“While traffic management and transport security are critical considerations for enterprise Kubernetes operations and management, they are often an unintended afterthought for overburdened platform, developer and DevSecOps teams. This adds business and technical risks,” said Mohan Atreya, SVP of Products and Services for Rafay Systems. “A sure way to accelerate innovation without compromising security is to bake in security capabilities upfront—which Rafay now delivers as easy-to-consume turnkey services in our Kubernetes Operations Platform.”

The Rafay Service Mesh Manager, powered by CNCF project Istio, delivers centralized configuration of security controls and traffic management policies for microservices fleet-wide. Key features allow enterprises to:

• Automatically apply and enforce application communication policies at the cluster and namespace level;
• View dashboards for observability to monitor service-to-service communication in real time and retrospectively;
• Control access to management and visibility based on roles and assets, allowing platform teams to unblock developers and empowering them to view traffic for their respective applications or namespaces while still maintaining role-based access control (RBAC);
• Selectively enable mutual TLS (mTLS) across different parts of the infrastructure based on organizational or specific application needs.

The Rafay Network Policy Manager, powered by CNCF project Cilium, delivers centralized management and visibility into pod and namespace communication to ensure isolation boundaries and reduce the lateral attack surface fleet-wide.

Key features allow enterprises to:

• Isolate communication between applications and namespaces in both shared (multi-tenant) and dedicated cluster environments;
• View real-time and historical network traffic flows to monitor and troubleshoot communication controlled with centralized RBAC;
• Provide a self-service experience for developers to view network traffic for applications in their namespaces based on their assigned role;
• Automatically enforce network policy standards cluster-wide and at an individual namespace level.