Tigera, the inventor and maintainer of Project Calico, announced an
industry-first, pay-as-you-go software as a service (SaaS) for Kubernetes
security and observability. With Calico Cloud, users only pay for services
consumed and are billed monthly, getting immediate value without upfront
investment.
Calico Cloud gives DevOps, DevSecOps, and Site Reliability
Engineering (SRE) teams a single pane of glass across multi-cluster and
multi-cloud Kubernetes environments to deploy a standard set of egress access
controls, enforce security policies for compliance, and observe and
troubleshoot applications.
According to a Cloud Native Computing Foundation (CNCF) report,
the number of Kubernetes deployments is rapidly growing as cloud-native
application adoption becomes mainstream. Cloud-native applications are composed
of containers and microservices that directly access other cloud services,
legacy applications, and applications like Salesforce and Zuora. Traditional
perimeter-based security solutions are unaware of containers and microservices
inside a Kubernetes cluster. Moreover, microservices are highly dynamic and
ephemeral, rendering any static IP address-based security control inadequate.
The deployment characteristics of cloud-native applications make them harder to
secure, observe and troubleshoot.
Without granular levels of security, there is a potential
for unauthorized access to and from microservices. Once a service is
compromised, it is easy for malicious actors to move laterally.
Calico Cloud is Kubernetes-native and provides native
extensions to enable security and observability as code for easy and consistent
enforcement across Kubernetes distributions, multi-cloud and hybrid
environments.
"Without observability, security is incomplete. Calico Cloud
combines both to offer DevOps and SREs a simple, resilient, secure, and
performant service, so they can focus on what matters most: operating services
that are secure, observable, and easy to troubleshoot," said Ratan Tipirneni,
CEO of Tigera. "With Calico Cloud, users can get started with one use case and
add capabilities to address new use cases as their operational requirements
change."
"While Kubernetes provides great flexibility, we've learned
how challenging it is to secure, observe, and troubleshoot this environment,"
said Jeff Puccinelli, senior DevOps engineer, Mulligan Funding. "With the
detailed visibility and robust security offered by Calico Cloud via features
such as the Dynamic Service Graph, we're able to observe exactly what is going
on, which helps us analyze and troubleshoot far more effectively."
Calico Cloud is available in two service offerings: a
Starter subscription priced at $0.05 per node hour or $350 per node
annually, and a Pro subscription priced at $0.08 per node hour or $561 per node
annually.
Calico Cloud includes the following capabilities:
- Egress Access Controls: Calico Cloud limits
access to and from external endpoints on a "per-pod" basis including
access to microservices, cloud databases, cloud services, APIs, and legacy
applications.
- East-West Security Controls: Calico Cloud limits the blast radius
when a security breach results in an APT (advanced persistent threat).
Calico Cloud's "defense-in-depth" approach provides protection on three
levels: host, container/VM, and application, and can perform
micro-segmentation for both container and VM (virtual machine) workloads.
- Security and Compliance: Calico Cloud encrypts data-in-transit, and
provides intrusion detection with threat feeds of bad actors and known
attacks. Using machine learning, Calico Cloud detects anomalies and
generates policy recommendations that can be applied in milliseconds to
remedy and prevent future attacks. Calico Cloud enables organizations to
comply with regulations including PCI, HIPAA, SOC 2, and GDPR.
- Observability and Troubleshooting: Calico Cloud generates a Dynamic
Service Graph that observes microservices behavior and interactions at
run-time and provides detailed information to speed troubleshooting, and
automatically identifies and highlights performance hotspots. Software
engineers can quickly drill down and identify the source of a problem at
the application, process, and socket levels as well as through an
automated packet capture function.
For a complete overview, read the Calico Cloud technical
features blog.