Laura Ferguson

Author Archives: Laura Ferguson

Tigera has been awarded Microsoft’s 2022 Partner of the Year award for OSS on Azure

We are proud to announce that we have won the 2022 Microsoft OSS on Azure Partner of the Year award! The Microsoft Partner of the Year Awards recognize Microsoft partners that have developed and delivered outstanding Microsoft-based applications, services, and devices during the past year. Awards were classified in various categories, with honorees chosen from a set of more than 3,900 submitted nominations from more than 100 countries worldwide. Tigera was recognized for providing outstanding solutions and services for open source on Azure.

Since June 2021, Tigera and Microsoft Azure together provide users with active build, deploy, and runtime security with full-stack observability for securing, monitoring, and troubleshooting containers on Azure and AKS. Tigera works closely with Microsoft to offer networking, security, and observability for containerized workloads running in Microsoft Azure.

We are very proud to be recognized as Microsoft’s Partner of the Year for OSS on Azure as it re-affirms the reach and pervasiveness of Tigera’s Calico Open Source solution for container networking and security on Azure and AKS. As enterprises standardize across Microsoft Azure, customers require a resource-efficient and scalable networking and security solution that protects the workloads in a hybrid environment extending from the cloud (Azure and Continue reading

The state of cloud-native security 2022 – Tigera’s new market report

We are excited to announce the publication of our first State of Cloud-Native Security market report! The report compiles survey results from more than 300 security and IT professionals worldwide (all of whom have direct container responsibilities), and explores organizations’ needs and challenges when it comes to containers and cloud-native applications, specifically in the areas of security, observability, and compliance.

Report highlights

Our survey results showcase the rise in cloud-native development, while identifying barriers and areas where organizations need support on their cloud-native journey. Some of the report’s key findings include:

  • Cloud-native applications gain momentum but present security, compliance, and observability issues.
    • While our survey found that 75% of companies are focusing development on cloud-native applications, the increased development (and deployment) also creates the need for more advanced observability and security capabilities.
  • Containers require security solutions for runtime, access, and networking.
    • 98% of organizations need container security, with runtime security topping the list.
  • Cloud-native and container compliance requirements are driving delays and challenges.
    • 95% of organizations report they have compliance requirements for cloud-native applications, with 84% stating that meeting these compliance requirements is challenging.

Why read the report?

The report gives organizations a chance to benchmark themselves against the findings, Continue reading

How to secure Kubernetes at the infrastructure level: 10 best practices

Infrastructure security is something that is important to get right so that attacks can be prevented—or, in the case of a successful attack—damage can be minimized. It is especially important in a Kubernetes environment because, by default, a large number of Kubernetes configurations are not secure.

Securing Kubernetes at the infrastructure level requires a combination of host hardening, cluster hardening, and network security.

  • Host hardening – Secures the servers or virtual machines on which Kubernetes is hosted
  • Cluster hardening – Secures Kubernetes’s control plane components
  • Network security – Ensures secure integration of the cluster with surrounding infrastructure

Let’s dive into each of these and look at best practices for securing both self-hosted and managed Kubernetes clusters.

Host hardening

There are many techniques that can be used to ensure a secure host. Here are three best practices for host hardening.

Use a modern immutable Linux distribution

If you have the flexibility to choose an operating system (i.e. your organization doesn’t standardize on one operating system across all infrastructure), use a modern immutable Linux distribution, such as Flatcar Container Linux or Bottlerocket. This type of operating system is specifically designed for containers and offers several benefits, including:

What a more holistic approach to cloud-native security and observability looks like

The rise of cloud native and containerization, along with the automation of the CI/CD pipeline, introduced fundamental changes to existing application development, deployment, and security paradigms. Because cloud native is so different from traditional architectures, both in how workloads are developed and how they need to be secured, there is a need to rethink our approach to security in these environments.

As stated in this article, security for cloud-native applications should take a holistic approach where security is not an isolated concern, but rather a shared responsibility. Collaboration is the name of the game here. In order to secure cloud-native deployments, the application, DevOps, and security teams need to work together to make sure security happens earlier in the development cycle and is more closely associated with the development process.

Since Kubernetes is the most popular container orchestrator and many in the industry tend to associate it with cloud native, let’s look at this holistic approach by breaking it down into a framework for securing Kubernetes-native environments.

Framework

At a high level, the framework for securing cloud-native environments consists of three stages: build, deploy, and runtime.

Build

In the build stage, developers write code and the code gets compiled, Continue reading

Why cloud native requires a holistic approach to security and observability

Like any great technology, the interest in and adoption of Kubernetes (an excellent way to orchestrate your workloads, by the way) took off as cloud native and containerization grew in popularity. With that came a lot of confusion. Everyone was using Kubernetes to move their workloads, but as they went through their journey to deployment, they weren’t thinking about security until they got to production. While this might seem like the intuitive thing to do, it doesn’t work in Kubernetes.

With Kubernetes, you can’t wait until the end when you’re ready to move workloads to production; you need to think about security early on. If security is not thought through in a system like Kubernetes, workloads are left vulnerable and you will not end up with a solution that is effective.

Why is this? What makes cloud native so different? Let’s take a look at some of the differences to understand why they warrant a more holistic approach to security and observability for cloud-native applications, whether in Kubernetes or another environment.

Cloud native: Origins, key differences, and challenges

What we’re used to (if we remove cloud native from the equation) is having a client-server architecture, where servers are running Continue reading

We’ve just published a book on container and cloud-native application security and observability

We are excited to announce the release of our O’Reilly book, Kubernetes security and observability: A holistic approach to securing containers and cloud-native applications. The book, authored by Tigera’s Brendan Creane and Amit Gupta, helps you learn how to adopt a holistic security and observability strategy for building and securing cloud-native applications running on Kubernetes.

Security practitioners are faced with a wide range of considerations when securing, observing, and troubleshooting containerized workloads on Kubernetes. These considerations range from infrastructure choices and cluster configuration to deployment controls and runtime and network security. Although securing cloud-native applications can be a daunting task, our book will give you the knowledge and confidence you’ll need to establish security and observability for your cloud-native applications.

In 11 chapters, the book covers topics relevant to containers and cloud-native applications in detail, including:

  • Infrastructure security
  • Workload deployment controls and runtime security
  • Network policy
  • Managing trust across teams
  • Exposing services to external clients
  • Encryption of data in transit
  • Threat defense and intrusion detection
  • And more…

After reading the book, you’ll have gained an understanding of key concepts behind security and observability for cloud-native applications, how to determine the best strategy, and which technology choices are available to support Continue reading

Calico is celebrating 5 years

October marks the five-year anniversary of Calico Open Source, the most widely adopted solution for container networking and security. Calico Open Source was born out of Project Calico, an open-source project with an active development and user community, and has grown to power 1.5M+ nodes daily across 166 countries.

When Calico was introduced 5 years ago, the world—and technology—was much different from what it is today. The march toward distributed applications and microservices had just begun. Today, open-source projects like Project Calico are enabling the large-scale adoption of a modern architecture that is ultimately responsible for the wholesale transition to digital transformations that we are witnessing.

As part of our celebration, we’ve compiled a few comments from people who have worked on the project over the years.

“Calico works well out of the box. It scales well, rarely has bugs, and is feature rich. Tigera does a good job supporting its customers also.” —Network engineer
“[Calico is] the industry standard [for] networking for Kubernetes.” —Platform engineer
“The support for a lot of K8s distributions (either on-prem or cloud managed) is great with Calico.” —Platform architect
“[Calico helped us learn] about network segmentation in cloud-native environments.” Continue reading

Learn from industry experts at the Kubernetes Security and Observability Summit—next week!

The Kubernetes Security and Observability Summit is only 1 week away! The industry’s first and only conference solely focused on Kubernetes security and observability will be taking place online June 3, 2021.

During the Summit, DevOps, SREs, platform architects, and security teams will enjoy the chance to network with industry experts and explore trends, strategies, and technologies for securing, observing and troubleshooting cloud-native applications.

What does security and observability mean in a cloud-native context? What challenges should Kubernetes practitioners anticipate and what opportunities should they investigate? Join us to explore these types of questions and gain valuable insight you’ll be able to take back to your teams.

Speakers & sessions

Tigera’s President & CEO, Ratan Tipirneni, will kick off the Summit with an opening keynote address. Two additional keynotes from Graeme Hay of Morgan Stanley and Keith Neilson of Discover Financial Services will follow. Attendees will then have the opportunity to attend breakout sessions organized into three tracks:

  1. Stories from the real world
  2. Best practices
  3. Under the hood

During these sessions, experts from industry-leading companies like Amazon, Box, Citi, EY, Mirantis, Morgan Stanley, PayPal, Salesforce, and of course, Tigera, will share real-world stories, best practices, and technical concepts related to Continue reading

Learn from industry experts at the Kubernetes Security and Observability Summit—next week!

The Kubernetes Security and Observability Summit is only 1 week away! The industry’s first and only conference solely focused on Kubernetes security and observability will be taking place online June 3, 2021.

During the Summit, DevOps, SREs, platform architects, and security teams will enjoy the chance to network with industry experts and explore trends, strategies, and technologies for securing, observing and troubleshooting cloud-native applications.

What does security and observability mean in a cloud-native context? What challenges should Kubernetes practitioners anticipate and what opportunities should they investigate? Join us to explore these types of questions and gain valuable insight you’ll be able to take back to your teams.

Speakers & sessions

Tigera’s President & CEO, Ratan Tipirneni, will kick off the Summit with an opening keynote address. Two additional keynotes from Graeme Hay of Morgan Stanley and Keith Neilson of Discover Financial Services will follow. Attendees will then have the opportunity to attend breakout sessions organized into three tracks:

  1. Stories from the real world
  2. Best practices
  3. Under the hood

During these sessions, experts from industry-leading companies like Amazon, Box, Citi, EY, Mirantis, Morgan Stanley, PayPal, Salesforce, and of course, Tigera, will share real-world stories, best practices, and technical concepts related to Continue reading

Why you don’t want to miss the upcoming Kubernetes Security and Observability Summit

The inaugural Kubernetes Security and Observability Summit will be a free, live, online experience full of Kubernetes-related security and observability content. On June 3, 2021, industry experts will gather under one virtual roof to discuss trends, strategies, and technologies for Kubernetes security and observability, to help you understand and navigate today’s pressing issues in the world of cloud-native applications.

Why attend?

The Summit is a great opportunity to:

  • Network with the industry’s best security, DevOps, and site reliability engineer (SRE) teams for cloud-native platforms
  • Learn how to secure, observe, and troubleshoot Kubernetes environments
  • Explore real-world Kubernetes security and observability use cases presented by experts from industry-leading companies like Amazon, Box, Citi, EY, Mirantis, Morgan Stanley, PayPal, Salesforce, and of course, Tigera

Who should attend?

SREs, platform architects, and DevOps and security teams will all find value in attending the Summit.

  • DevOps teams and SREs – Learn how to include security and observability in your CI/CD to enable security, observability, and troubleshooting
  • Platform architects – Learn architecture patterns and best practices to secure and troubleshoot cloud-native applications
  • Security teams – Learn how to holistically secure your cloud-native applications following today’s best practices

Speakers & sessions

An opening keynote address from Continue reading

Why you don’t want to miss the upcoming Kubernetes Security and Observability Summit

The inaugural Kubernetes Security and Observability Summit will be a free, live, online experience full of Kubernetes-related security and observability content. On June 3, 2021, industry experts will gather under one virtual roof to discuss trends, strategies, and technologies for Kubernetes security and observability, to help you understand and navigate today’s pressing issues in the world of cloud-native applications.

Why attend?

The Summit is a great opportunity to:

  • Network with the industry’s best security, DevOps, and site reliability engineer (SRE) teams for cloud-native platforms
  • Learn how to secure, observe, and troubleshoot Kubernetes environments
  • Explore real-world Kubernetes security and observability use cases presented by experts from industry-leading companies like Amazon, Box, Citi, EY, Mirantis, Morgan Stanley, PayPal, Salesforce, and of course, Tigera

Who should attend?

SREs, platform architects, and DevOps and security teams will all find value in attending the Summit.

  • DevOps teams and SREs – Learn how to include security and observability in your CI/CD to enable security, observability, and troubleshooting
  • Platform architects – Learn architecture patterns and best practices to secure and troubleshoot cloud-native applications
  • Security teams – Learn how to holistically secure your cloud-native applications following today’s best practices

Speakers & sessions

An opening keynote address from Continue reading

Don’t miss our session at SUSECON Digital 2021

Join us at SUSECON Digital 2021, taking place virtually from May 18–20. It’s free! Tigera VP Product Management & Business Development, Amit Gupta, will be leading a session on Kubernetes networking, security and observability with Rancher and Calico. Our team will also be at the Tigera booth waiting to speak with you.

Speaking session

Don’t miss our session on Kubernetes networking, security and observability with Rancher and Calico! You can add our session to your schedule here.

Session details

Title: Kubernetes Networking, Security and Observability with Rancher and Calico
Date: Tuesday, May 18 at 6:00–6:30 PM (BST)

Rancher enables enterprises to deliver Kubernetes-as-a-Service across any infrastructure, including hybrid, multi-cloud and multi-cluster environments. Kubernetes’ networking, security, and observability for such deployments are critical in preventing an organization’s exposure to a multitude of security and compliance issues.

In this session, you’ll learn about how you can leverage open-source Calico in Rancher (built-in) to secure your Kubernetes environments. You will also learn about how Calico Cloud and Calico Enterprise, built on open-source Calico, can help you address performance hotspots, troubleshoot microservice communication, and carry out anomaly detection. Lastly, you will learn how to bootstrap and configure your Rancher cluster along with sample network Continue reading

Don’t miss our session at SUSECON Digital 2021

Join us at SUSECON Digital 2021, taking place virtually from May 18–20. It’s free! Tigera VP Product Management & Business Development, Amit Gupta, will be leading a session on Kubernetes networking, security and observability with Rancher and Calico. Our team will also be at the Tigera booth waiting to speak with you.

Speaking session

Don’t miss our session on Kubernetes networking, security and observability with Rancher and Calico! You can add our session to your schedule here.

Session details

Title: Kubernetes Networking, Security and Observability with Rancher and Calico
Date: Tuesday, May 18 at 6:00–6:30 PM (BST)

Rancher enables enterprises to deliver Kubernetes-as-a-Service across any infrastructure, including hybrid, multi-cloud and multi-cluster environments. Kubernetes’ networking, security, and observability for such deployments are critical in preventing an organization’s exposure to a multitude of security and compliance issues.

In this session, you’ll learn about how you can leverage open-source Calico in Rancher (built-in) to secure your Kubernetes environments. You will also learn about how Calico Cloud and Calico Enterprise, built on open-source Calico, can help you address performance hotspots, troubleshoot microservice communication, and carry out anomaly detection. Lastly, you will learn how to bootstrap and configure your Rancher cluster along with sample network Continue reading

Join us at our inaugural Kubernetes Security and Observability Summit

We are excited to announce that the inaugural Kubernetes Security and Observability Summit, brought to you by Tigera, will take place on June 3, 2021.

The journey to Kubernetes adoption can be riddled with challenges and roadblocks. These challenges are magnified in a cloud-native context, where organizations are running hundreds—sometimes thousands—of applications simultaneously across numerous business units, for customers around the world.

What does security and observability mean in this context? What challenges should Kubernetes practitioners anticipate and what opportunities should they explore? To address these questions and to explore emerging trends, we are gathering industry experts under one (virtual) roof at the Kubernetes Security and Observability Summit.

As the industry’s first and only conference solely focused on Kubernetes security and observability, this (free) live virtual event will include discussions with technology leaders and Kubernetes users on real-world experiences, fundamentals, and best practices for securing and troubleshooting Kubernetes environments.

What to expect

The Kubernetes Security and Observability Summit is a place for DevOps, SREs, platform architects, and security teams to come together to explore trends, strategies, and technologies for securing, observing and troubleshooting cloud-native applications.

During the summit, experts from industry-leading companies like Amazon, Box, Citi, EY, Mirantis, Morgan Stanley, Continue reading

Join us at our inaugural Kubernetes Security and Observability Summit

We are excited to announce that the inaugural Kubernetes Security and Observability Summit, brought to you by Tigera, will take place on June 3, 2021.

The journey to Kubernetes adoption can be riddled with challenges and roadblocks. These challenges are magnified in a cloud-native context, where organizations are running hundreds—sometimes thousands—of applications simultaneously across numerous business units, for customers around the world.

What does security and observability mean in this context? What challenges should Kubernetes practitioners anticipate and what opportunities should they explore? To address these questions and to explore emerging trends, we are gathering industry experts under one (virtual) roof at the Kubernetes Security and Observability Summit.

As the industry’s first and only conference solely focused on Kubernetes security and observability, this (free) live virtual event will include discussions with technology leaders and Kubernetes users on real-world experiences, fundamentals, and best practices for securing and troubleshooting Kubernetes environments.

What to expect

The Kubernetes Security and Observability Summit is a place for DevOps, SREs, platform architects, and security teams to come together to explore trends, strategies, and technologies for securing, observing and troubleshooting cloud-native applications.

During the summit, experts from industry-leading companies like Amazon, Box, Citi, EY, Mirantis, Morgan Stanley, Continue reading

Calico Enterprise enables live view of cloud-native apps deployed in Kubernetes

We are happy to announce that the latest release of Calico Enterprise delivers unprecedented levels of Kubernetes observability! Calico Enterprise 3.5 provides full-stack observability across the entire Kubernetes environment, from application layer to networking layer.

With this new release, developers, DevOps, SREs, and platform owners get:

  • A live, high-fidelity view of microservices and workload interactions in the environment, with the ability to take corrective actions in real time
  • An easy-to-understand, action-oriented view that maintains correlations at the service, deployment, container, node, pod, network, and packet levels
  • Kubernetes context for easy filtering and subsequent analysis of traffic payloads
  • A Dynamic Service Graph representing traffic between namespaces, microservices, and deployments for faster problem identification and troubleshooting
  • An interactive display that shows DNS information categorized by microservices and workloads, to determine whether DNS is the root cause of application connectivity issues
  • The ability to customize the duration and packet size for packet capture
  • Application-level observability to detect and prevent anomalous behaviors

For more information, see our official press release.

Are you a Calico Cloud user? Not to worry—these same features are now available in Calico Cloud, too.

To learn more about new cloud-native approaches for establishing security and observability with Kubernetes, check Continue reading

Calico Enterprise enables live view of cloud-native apps deployed in Kubernetes

We are happy to announce that the latest release of Calico Enterprise delivers unprecedented levels of Kubernetes observability! Calico Enterprise 3.5 provides full-stack observability across the entire Kubernetes environment, from application layer to networking layer.

With this new release, developers, DevOps, SREs, and platform owners get:

  • A live, high-fidelity view of microservices and workload interactions in the environment, with the ability to take corrective actions in real time
  • An easy-to-understand, action-oriented view that maintains correlations at the service, deployment, container, node, pod, network, and packet levels
  • Kubernetes context for easy filtering and subsequent analysis of traffic payloads
  • A Dynamic Service Graph representing traffic between namespaces, microservices, and deployments for faster problem identification and troubleshooting
  • An interactive display that shows DNS information categorized by microservices and workloads, to determine whether DNS is the root cause of application connectivity issues
  • The ability to customize the duration and packet size for packet capture
  • Application-level observability to detect and prevent anomalous behaviors

For more information, see our official press release.

Are you a Calico Cloud user? Not to worry—these same features are now available in Calico Cloud, too.

To learn more about new cloud-native approaches for establishing security and observability with Kubernetes, check Continue reading

Calico Enterprise enables live view of cloud-native apps deployed in Kubernetes

We are happy to announce that the latest release of Calico Enterprise delivers unprecedented levels of Kubernetes observability! Calico Enterprise 3.5 provides full-stack observability across the entire Kubernetes environment, from application layer to networking layer.

With this new release, developers, DevOps, SREs, and platform owners get:

  • A live, high-fidelity view of microservices and workload interactions in the environment, with the ability to take corrective actions in real time
  • An easy-to-understand, action-oriented view that maintains correlations at the service, deployment, container, node, pod, network, and packet levels
  • Kubernetes context for easy filtering and subsequent analysis of traffic payloads
  • A Dynamic Service Graph representing traffic between namespaces, microservices, and deployments for faster problem identification and troubleshooting
  • An interactive display that shows DNS information categorized by microservices and workloads, to determine whether DNS is the root cause of application connectivity issues
  • The ability to customize the duration and packet size for packet capture
  • Application-level observability to detect and prevent anomalous behaviors

For more information, see our official press release.

Are you a Calico Cloud user? Not to worry—these same features are now available in Calico Cloud, too.

To learn more about new cloud-native approaches for establishing security and observability with Kubernetes, check Continue reading

Join Tigera at KubeCon + CloudNativeCon Europe 2021

We are excited to be a sponsor of this year’s virtual KubeCon + CloudNativeCon Europe conference, taking place May 4–7, 2021 online. We hope you’ll join us by visiting our virtual booth, where a team of Tigera experts will be standing by to speak with you.

Visit us at our booth

Our team will be conducting live demos, Ask the Architect sessions, 1:1 chats, and more during our booth hours.

Tigera booth hours

Live demo and Ask the Expert sessions

We will have eight 30-minute interactive sessions focused on addressing questions about Kubernetes security and observability. Stop by our booth to check out the times for these sessions.

Private 1:1 chats & calls

Attendees can view each booth representative’s profile and initiate a private or group text chat, or request a video call.

Public booth chat

Our booth will have a built-in public chat window where booth representatives and attendees can post and reply to messages. Announcements about upcoming activities will be posted in this chat by Tigera representatives.

Enter our raffle to win Apple AirPods

We have 5 pairs of Apple AirPods to give away! The first 100 visitors to our booth will automatically be entered to win. Attendees Continue reading