Skip to main content

Calico Cloud use cases

Your Kubernetes journey...

During each stage, there are common use cases that block initiatives from moving forward. Learn about the Calico Cloud features that remove these blockers.

kubernetes-journey

Open source Calico Essentials

  • Training
  • Personalized workshops
  • Enterprise integration strategies
  • Troubleshooting strategies

Egress access controls

Calico Cloud packages several features that enable fine-grained access controls between your microservices and databases, cloud services, APIs, and other applications that are protected behind a firewall.

2-minute video

Documentation

Visibility and troubleshooting

Connectivity issues between microservices are difficult to troubleshoot. Troubleshooting often requires collaboration between multiple teams to identify and resolve the problem.

Calico Cloud offers tools to rapidly pinpoint and resolve the source of a connectivity issue between your microservices running on Kubernetes clusters, as well as tools to identify and resolve potential connectivity issues before they happen.

2-minute video

Documentation

Enterprise security controls

Many applications have compliance requirements such as workload isolation, ensuring dev cannot talk to prod, and implementing network zones (e.g. microservices in the DMZ can communicate with the public internet but not directly with your backend databases). With Calico Cloud, you can;

  • Implement security controls at a higher precedent policy tier that cannot be changed or overridden by other users
  • Alert on changes to your security controls
  • Generate audit reports that demonstrate compliance now and historically

2-minute video

Documentation

Extend firewalls to Kubernetes

When deploying microservices to an environment managed by firewalls, it may become necessary to work within the confines of your IT Security Architecture. For applications that make or accept connections with the internet, or need to connect to databases, a firewall is typically going to be part of that architecture.

Most security teams are short-staffed and don’t have the capacity to take on new tools that understand workload orchestration like Kubernetes. Defining a firewall rule for ingress or egress access controls does not work in this architecture and can block deployments or worse, result in service disruptions if implemented improperly. Furthermore, defining a zone-based security architecture in your cluster using a firewall requires routing all service-to-service traffic through the firewall, introducing latency into your application.

2-minute video

Documentation

Enable self service security policy

When deploying a new microservice to a secure cluster, it needs to be deployed along with a network policy to enable the service to communicate with other services and APIs. Often this means having a central function that reviews or creates policies for every microservice deployment. Otherwise, a deployment may inadvertently override an important security policy implemented to protect sensitive workloads that process payment information, customer data, etc. This process does not scale when 100’s or 1000’s of microservices are being deployed daily and deployments are delayed.

Calico Cloud enables self-service deployments to a secure cluster without the risk of an important policy being overridden or otherwise violated. No central person or team is required to create or review policies and deployments along with the network policies required to allow access are completely automated.

2-minute video

Documentation

Microsegmentation

Every cloud and hosting environment has a unique approach to segmentation, which leads to operational overhead and security gaps when segmenting traffic within and between these environments. Calico Cloud provides a common segmentation protocol that works across all of your environments, and scales at the pace of your microservices environment.

2-minute video

Documentation

Intrusion detection

In addition to cloud microsegmentation and zero trust security, Calico Cloud provides another layer of security through its Intrusion detection system (IDS).

Calico Cloud IDS identifies Advanced persistent threats (APTs) through behavior-based detection using machine learning and a rule-based engine that enables active monitoring.

2-minute video

Documentation

Zero trust security

Zero trust security is a strong security posture that assumes that something in your application or infrastructure has been compromised and is currently hosting some form of malware.

Kubernetes is particularly vulnerable to the spread of malware due to the open nature of cluster networking; by default, any pod can connect to any other pod, even across namespaces. It is very difficult to detect malware or its spread within a Kubernetes cluster without implementing a strong security framework like zero trust.

2-minute video