Case study: Calico helps Upwork migrate legacy system to Kubernetes on AWS and enforce zero-trust security

Upwork is a freelancing platform that connects a global base of clients to freelancers via job postings. Since going public on the New York Stock Exchange in 2019, the company has become one of the leading freelance platforms worldwide and was named on Time’s list of the 100 Most Influential Companies of 2022.

Upwork’s platform team was running containerized workloads on Consul and Spring Cloud, which required service owners to manually switch to a new code library each time Upwork’s platform team had a new release, and vice versa. This manual switching happened as often as every two months, which was inefficient for a company with over 800 microservices. Also, service owners were not adopting new libraries immediately and could not add upstream and downstream dependencies as needed without going through a review process. Combined, these problems meant that service owners and the cloud engineering and InfoSec teams lacked visibility, were highly susceptible to zero-day attacks and had a slow incident mitigation response.

To solve these problems, Upwork needed to adopt a distributed architecture from the application layer to the network layer. To do this, they required Kubernetes. The switch to Kubernetes meant Upwork’s containers needed to adhere to cloud-native Continue reading

Case study: Calico enables HanseMerkur to reduce infrastructure overhead and achieve ISO 27001 compliance

Established in 1875, HanseMerkur is one of the oldest private health insurance companies in Germany, with customers across Europe. The company ran multi-tenant clusters on premises with Kubespray, with around 150 internal software developers as users. As the company must handle personal information and confidential data, it adheres to ISO 27001, the German equivalent of SOC 2, as per industry standards.

The company’s legacy platform was based on Kubernetes 1.11 (released in 2018), and no updates could be made without completely rebuilding the platform. In fact, the company needed to build new clusters for each new product and also rebuild the existing clusters in order to update Kubernetes versions.

HanseMerkur’s clusters were virtualized on top of a legacy hypervisor, and resources had to be sized for traditional deployment on a per tenant basis. There were a number of issues with this set up, including high overhead, low flexibility, and over-consumption of hardware. As a result, the company’s platform team wanted to go bare metal and consolidate the company’s entire infrastructure into one place.

In an exclusive interview, HanseMerkur details how Calico helped solve the challenges of their consolidation project and helped the company enforce the security and observability capabilities Continue reading

Case study: Calico enables zero-trust security and policy automation at scale in a multi-cluster environment for Box

Box is a content cloud that helps organizations securely manage their entire content lifecycle from anywhere in the world, powering over 67% of Fortune 500 businesses. As a cloud-first SaaS, the company provides customers with an all-in-one content solution within a highly secure infrastructure, where organizations can work on any content, from projects and contracts to Federal Risk and Authorization Management Program (FedRAMP)-related content.

Box has two types of operations: cloud-managed Kubernetes clusters in hybrid, multi-cloud, and public cloud environments, and self-managed Kubernetes clusters in co-located data centers. The company runs multiple clusters with sizes of 1,000 nodes and larger. As one of the early adopters of Kubernetes, Box began using Kubernetes much before Google Kubernetes Engine (GKE) or Amazon’s Elastic Kubernetes Services (EKS) was born, and has been on the leading edge of innovation for Kubernetes in areas such as security, observability, and automation.

In collaboration with Tigera, Box shares how Calico helped the company achieve zero-trust security and policy automation at scale in a multi-cluster environment.

ICYMI: Watch this recording from the 2022 CalicoCon Cloud Native Security Summit, where Tapas Kumar Mohapatra of Box shares how Box moved into automated dependency mapping and policy generation with API Continue reading

Calico monthly roundup: May 2023

Welcome to the Calico monthly roundup: May edition! From open source news to live events, we have exciting updates to share—let’s get into it!

Customer case study: Rafay Rafay achieved turnkey Kubernetes security using Calico on AWS. Read our new case study to find out how. Read case study.

New guide: CISO’s security guide to containers and Kubernetes This guide provides CISOs and other security decision-makers with an overview of container security, insights into securing Kubernetes landscapes and container-based applications, and why securing these technologies requires a unique approach. Read the guide.

Tigera Named Winner of the Esteemed Global InfoSec Awards during RSA Conference 2023 We’re excited to announce that we won the ‘Hot Company: Container Security’ category of the Global InfoSec Awards from Cyber Defense Magazine! Check out the full press release for more details. Read the press release.

Open source news

• Calico Wall of Fame – As a valued member of our Calico users community, we would like to feature you on our NEW Project Calico Wall of Fame. To participate, fill out the form here.
• Flagsmith & Project Calico Interview – In this podcast, Ben Rometsch from Flasgsmith interviews Tigera’s Shaun Crampton about his experiences as Continue reading

Case study: Calico on AWS enables turnkey networking and security for Rafay’s enterprise-grade Kubernetes Operations Platform

Organizations are adopting Kubernetes on Amazon Web Services (AWS) to modernize their applications. But Kubernetes clusters and application lifecycles demand a considerable investment of cost and resources, especially for edge applications.

Rafay’s SaaS-based Kubernetes operations platform (KOP) helps platform teams deploy, scale, and manage their fleet without requiring anyone on the platform team to be a Kubernetes expert. Hosted on AWS Elastic Kubernetes Services (EKS), Rafay’s unified, enterprise-grade KOP supports Kubernetes and application lifecycle management through automation and self-service with the right standardization, control, and governance level. Rafay empowers organizations to accelerate their digital transformation while limiting operating costs.

In partnership with AWS and Tigera, Rafay shares the story of how it leveraged Calico on AWS to secure its turnkey offering in an exclusive case study. Here are the highlights.

Challenges

To secure its KOP and enable customers with little to no Kubernetes experience, Rafay required a scalable, Kubernetes-native security solution that could:

1. Provide and enforce networking and security policy for multi-tenant environments through workload isolation with identify-aware microsegmentation
2. Eliminate IP address exhaustion issues and deliver automated flexible IP address management (IPAM) to allow for agile scaling without increasing operational overhead
3. Seamlessly integrate with Amazon EKS, where Rafay’s KOP is Continue reading

Case study: Calico Enterprise empowers Aldagi to achieve EU GDPR compliance

Founded in 1990, Aldagi is Georgia’s first and biggest private insurance firm. With a 32% market share in Georgia’s insurance sector, Aldagi provides a broad range of services to corporate and retail clients.

With the onset of the pandemic in 2019, Aldagi wanted to make its services available to customers online. To this end, the company adopted an Agile methodology for software development and re-architected its traditional VM-based applications into cloud-native applications. Aldagi then began using containers and Kubernetes as a part of this process. Using self-managed clusters on Rancher Kubernetes Engine (RKE), Aldagi created distributed, multi-tenant applications to serve its broad EU customer base.

In collaboration with Tigera, Aldagi details its journey using Calico to achieve EU GDPR compliance, in order to share its experience with the rest of the Kubernetes community.

Case study highlights

Because Aldagi’s applications are distributed and multi-tenanted, the company faced three major challenges when it came to achieving EU GDPR compliance:

1. Granular access control
2. Visibility and security controls for workloads with sensitive data
3. Continuous compliance reporting and auditing

By deploying Calico, Aldagi solved these challenges and achieved EU GDPR compliance, Continue reading

Tigera named as one of Forbes America’s Best Startup Employers in 2023

We are proud to announce that we have been named one of America’s Best Startup Employers 2023 by Forbes!

The Forbes list of America’s Best Startup Employers 2023 was compiled by evaluating 2,600 companies with at least 50 employees in the United States. All of the companies considered were founded between 2013 and 2020, from the ground up, and were not spin-offs of existing businesses. Just like other Forbes lists, businesses cannot pay to be considered. Evaluation was based on three criteria: employer reputation, employee satisfaction, and growth.

Great Place to Work 2022

Inclusion in Forbes’ list comes after we were proudly certified as a Great Place to Work in 2022.

The Great Place to Work Certification recognizes employers that create an exceptional employee experience. The certification process involves surveying employees and the employer, and rankings are based on employee feedback and independent analysis. This means job searchers can rely on the certification to help them determine whether an organization is truly a great place to work.

Go Tigers!

Our core values are the foundation of everything we do. Tigera believes in a collaborative, flexible work environment built on mutual respect and commitment. We are delighted to hear that our Continue reading

Tigera Named Winner of the Esteemed Global InfoSec Awards during RSA Conference 2023

The annual Global InfoSec Awards from Cyber Defense Magazine (CDM) have been announced, and we are excited to unveil that Tigera has won the ‘Hot Company: Container Security’ category! This award recognizes the value of the work Tigera does as a security company, and we wouldn’t be where we are without the support of our teams, customers, and community.

“We are honored to be recognized as one of the best in container security by Cyber Defense Magazine. As this is one of the most esteemed awards in cybersecurity, we are so grateful to have been selected amongst a pool of qualified applicants and are eager to continue to innovate and provide better container security for organizations,” said Amit Gupta, Chief Product Officer, Tigera.

Tigera’s transformative approach to container security helps prevent, detect, and mitigate threats in containers and Kubernetes environments across build, deploy and runtime stages. Calico Cloud provides a unique solution that gives users a single container security solution to improve security posture, reduce the attack surface with fine-grained security controls, and provide threat defense from network and host based threats.

Cyber Defense Magazine is the Continue reading

White paper: Addressing the MITRE ATT&CK framework for containers using Calico

Be it chess, poker, or everyday driving, you must predict your opponent’s (or other drivers’) movement to win (or keep yourself safe!). Container security is the same, and many organizations look to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework to understand an attacker’s mindset and how to prevent attacks. The MITRE ATT&CK framework released a matrix for containers, giving organizations that use Kubernetes and containers a chance to analyze an attacker’s M.O. and assess the organization’s attack vectors.

To help organizations stay ahead of attackers, Tigera recently released a white paper based on the MITRE ATT&CK containers matrix. Drawing from Tigera’s experience as a cybersecurity provider, the white paper offers an in-depth analysis of the containers matrix. It also details how Tigera’s active security platform, Calico Cloud, a fully-managed SaaS, and its self-managed counterpart, Calico Enterprise, can detect and mitigate every tactic outlined in the matrix.

White paper highlights

Tigera’s white paper dives deep into the MITRE framework for containers to help organizations understand the risks they face and how they can mitigate these vulnerabilities using Calico. Here’s what you will learn from the white paper and the questions it’ll answer:

• Attack vectors of Continue reading

Case study: How Mulligan Funding built a SOC 2-compliant fintech SaaS platform with Calico Cloud

The rise of fintech has pushed traditional financial institutions to provide online-based services and launch fintech applications. But these services must be secure and meet certain regulatory requirements, such as the Payment Card Industry Data Security Standard (PCI DSS), the General Data Protection Regulation (GDPR), or SOC 2.

When our customer, Mulligan Funding, needed to launch a new fintech SaaS platform, they had to ensure that all communication to and from the application would be secure and SOC 2 compliant, since the platform would handle sensitive personal and financial data. To achieve this, Mulligan Funding decided to standardize on Microsoft Azure Kubernetes Service (AKS) and chose Calico Cloud for its security and compliance needs.

Case study highlights

Mulligan Funding faced two major challenges when it came to achieving SOC 2 compliance:

1. Ensure compliance and be notified of any control changes 24/7 in a way that’s scalable
2. Gain visibility into clusters to immediately pinpoint issues that require troubleshooting

Read the case study to learn:

• How Mulligan Funding bolstered its security posture at scale through unified security policy management.
• Why deploying Calico Cloud not only helped Mulligan Funding achieve compliance, but also helped the company reduce service distributions and optimize troubleshooting.

Read Continue reading

New! Free self-paced workshops for containers and Kubernetes 

There’s no better way to learn something than to get hands-on. Tigera is excited to present its brand new (and completely free!) self-paced workshops for containers and Kubernetes. Each workshop comes with your own provisioned sample application (Hipstershop) and Calico Cloud lab environment for a limited time.

The first self-paced workshop we’ve launched is on compliance for containers and Kubernetes. Let’s take a closer look at why you should enroll in our compliance workshop and what you’ll gain.

Why get hands-on with achieving compliance?

From the Payment Card Industry Data Security Standard (PCI DSS) to the Health Insurance Portability and Accountability Act (HIPAA) to the General Data Protection Regulation (GDPR), most industries must meet certain compliance requirements when it comes to handling personal data. This could mean implementing resource access control, isolating workloads with sensitive data, or enforcing more advanced security controls such as logging all customer confidential data transactions. No matter what sort of controls you need to implement, the compliance auditor will require proof of compliance, such as what security controls are currently in place, whether control changes can be detected, and if compliance can be verified on demand. The ephemeral nature of Kubernetes can make it Continue reading

Live next week: The CalicoCon + Cloud-Native Security Summit!

Tigera is delighted to present the annual CalicoCon + Cloud-Native Security Summit on December 7th, 2022, 9:45 a.m. – 4:00 p.m. PT. This is your chance to network with top cloud-native platform, security, DevOps, and site reliability engineer (SRE) teams, and explore real-world use cases with major players in the cloud-native industry.

Live, free, and fully virtual, the Summit gathers industry experts to explore the best practices for securing, observing, and troubleshooting cloud-native applications through real-world stories.

Who should attend?

The Summit is curated for security, DevOps, SRE, and platform architect teams in the cloud-native world.

• Security teams – Learn how to holistically secure your cloud-native applications using today’s best practices.
• DevOps and SRE teams – Find out how you can incorporate security and observability in your CI/CD pipeline to enable security, observability, and troubleshooting,
• Platform Architects – Learn architecture patterns and best practices to secure and troubleshoot cloud-native applications,

Speakers and sessions

From panels to workshops to fireside chats, the Summit offers a variety of interactive sessions. Here’s a quick peek at some of our speakers and sessions:

• Lyudmila Huzenko from Playtech will talk about Playtech’s journey with Calico toward GitOps network security management in Kubernetes.
• Tapas Continue reading

Automate Calico Cloud and EKS cluster integration using AWS Control Tower

Productive, scalable, and cost-effective, cloud infrastructure empowers innovation and faster deliverables. It’s a no-brainer why organizations are migrating to the cloud and containerizing their applications. As businesses scale their cloud infrastructure, they cannot be bottlenecked by security concerns. One way to release these bottlenecks and free up resources is by using automation.

What if you could automate the deployment and integration of your container security services with your cluster’s environment?

In a joint blog post with AWS Marketplace, AWS Sr. Cloud Application Architect, Deepak Sihag, joins Tigera’s Technical Marketing Engineer, Joseph Yostos, to walk you through the process of activating, deploying, and configuring Calico Cloud in your AWS Control Tower environment. And of course, how to automate the process of connecting Calico Cloud to your EKS cluster.

Blog highlights

Aside from showing you how you can fully leverage the preconfigured resources of AWS Control Tower, the solution walkthrough also highlights:

• Event-driven automation to connect an EKS cluster with Calico Cloud
• AWS CloudFormation deployment
• Detailed runthrough of prerequisite configurations
• Step-by-step guide on how to automate Calico Cloud and EKS cluster integration using AWS Control Tower
• How to clean up your account to avoid incurring costs

Why read the blog?

As the Continue reading

Implementing zero-trust workload security on Amazon EKS with Calico

Whether you’re migrating to the cloud via lift-and-shift deployments, or re-architecting to a cloud-native architecture, the migration itself and adopting a microservices architecture is no easy feat. To accelerate their cloud-native journey, many organizations opt for a managed Kubernetes service, as the skill and resources required to run a container orchestration system at scale are demanding.

Fully integrated with core Amazon Web Services (AWS) technologies, easy-to-use, and most importantly, scalable, Amazon Elastic Kubernetes Service (EKS) is one of the most popular managed Kubernetes services for organizations running containerized applications in cloud.

The next immediate challenge after migrating to the cloud is security and compliance. As an AWS Competency Partner, Tigera’s suite of solutions, including Calico Cloud, Calico Enterprise, and Calico Open Source, are built to solve these challenges. These solutions are created with EKS security in mind, enabling users to implement zero-trust workload access controls along with microsegmentation to apply workload isolation during runtime.

In a new joint blog post with the AWS Partner Network, AWS Solutions Architect, Andrew Park, and Tigera’s Director of Solution and Partner Marketing, Dhiraj Sehgal, guides users through the journey of implementing zero-trust workload access controls and identity-aware microsegmentation for multi-tenant workloads in Continue reading