Welcome to Calico Cloud
Calico Cloud gives DevOps, DevSecOps, and Site Reliability Engineering (SRE) teams:
A single pane of glass across multi-cluster and multi-cloud Kubernetes environments to deploy a standard set of egress access controls, enforce security policies for compliance, and observe and troubleshoot applications
End-to-end visibility, ingress and egress access control, and security compliance enforcement from client to serving pod, using Kubernetes context-enhanced networking flow logs data.
Ability to automatically scale with the managed clusters in your environment to ensure uninterrupted real-time visibility
Security and observability challenges
Often microservices need to communicate with services or API endpoints running outside the Kubernetes cluster. Implementing access control from Kubernetes pods to external endpoints is hard without the k8s context, which often results in allowing traffic from the entire cluster or a set of worker nodes. Neither of these workarounds is a good security posture.
Even with effective perimeter-based north-south controls, organizations face challenges in tackling lateral movement security threats as the mesh of communication between microservices across storage, networking and backend services becomes increasingly complex.
Security and compliance
Most traditional security and compliance approaches fall well short of supporting Kubernetes workloads because the microservices running in Kubernetes are highly dynamic and ephemeral. Security controls implemented for any regulatory framework such as PCI DSS or SOC2 (which is designed based on the IP addresses or location of the workload on the network alone), is tedious and won't be effective.
As microservices deployments grow, it is very important for devops teams to have complete visibility inside the clusters. Troubleshooting a service outage or performance issue without a complete view of dependencies, and how all the services are communicating with each other across a cluster, is complex and hard to resolve in a timely manner.
As organizations scale Kubernetes deployments on a mix of on-prem, cloud, and multi-cloud infrastructure, the lack of a centralized, unified multi-cluster approach to security and observability, compliance, and policy management often results in fragmented and ineffective solutions rendering the deployments vulnerable to attack.
Calico Cloud addresses all of these challenges!