Tigera Cloudifies Calico to Secure, Monitor Kubernetes
Tigera today launched a software-as-a-service (SaaS) edition of a platform for monitoring and securing Kubernetes environments based on its open source Project Calico network virtualization software.
Previously, the company made available an instance of Project Calico that could be deployed by an internal IT team.
Calico Cloud makes available a SaaS platform through which Project Calico network virtualization is automatically deployed. Once installed, IT teams can enforce security policies that limit which microservices running on a Kubernetes cluster can communicate with one another, as well as monitor the overall IT environment.
In a security breach, Calico Cloud limits the ability of malware to move laterally across an IT environment, says Tigera CEO Ratan Tipirneni, by limiting the communication between microservices: only those approved by the internal IT team will be able to communicate with microservices running at the Kubernetes pod level. Calico Cloud essentially limits the blast radius of a breach by applying microsegmentation to microservices, he says.
Calico Cloud also encrypts data in transit, provides intrusion detection capabilities and employs machine learning algorithms to both detect anomalies and generate policy recommendations that can be applied in milliseconds, adds Tipirneni.
Monitoring capabilities, meanwhile, are enabled via Project Calico’s Dynamic Service Graph that observes both microservices behavior and interactions at runtime to automatically identify performance hotspots. Software engineers can quickly drill down and identify the source of a problem at the application, process and socket levels as well, via an automated packet capture function.
Tipirneni says Project Calico has been gaining traction because it enables IT teams to declaratively microsegment a Kubernetes environment in a way that Calico Cloud will now automate. In effect, security and monitoring can now both be managed as code, he notes.
Initially available via the Google Cloud Platform, Calico Cloud eventually also will be available on other cloud services, Tipirneni says. A starter subscription for Calico Cloud is priced at 5 cents per node hour, or $350 per node annually, while a Pro subscription is priced at 8 cents per node hour, or $561 per node annually.
There are, of course, many options when it comes to securing and monitoring Kubernetes environments. The issue IT organizations will find themselves wrestling with is the degree to which they also want to manage the platform they employ to manage multiple distributions of Kubernetes. At a time when many IT professionals continue to work from home to combat the spread of the COVID-19 pandemic, more of the frameworks employed to manage IT environments are moving into the cloud.
At the same time, there’s a lot more focus on software supply chains that increasingly are made up of hundreds of microservices that soon could number in the thousands. The odds that an IT organization will be able to monitor and secure those microservices using a platform they deploy and manage are slight indeed.