Tuesday, December 3, 2024

How Cisco uses Isovalent to secure cloud workloads


As the cloud environment evolves, efficient and effective workload security has been at the top of the list. At Cisco, we've integrated the Isovalent platform into our infrastructure to ensure our cloud workloads are protected without compromising performance.

Why Isovalent?

The Isovalent platform is based on eBPF (extended Berkeley Packet Filter) technology, which offers a very modern approach to protecting cloud-native environments. While traditional security solutions often fail to keep up with the dynamic and scalable nature of containers, Isovalent's zero-trust networking and lightweight, highly efficient network security and observability tools are tailored for Kubernetes environments.

Isovalent incorporates kernel-level security to provide identity-based security, network segmentation, and traffic visibility without the overhead usually associated with legacy solutions. That means Cisco can better protect our workloads and scale with seamless network policy enforcement across our growing cloud infrastructure.

Achieve compliance

Regulatory compliance is one of the most critical aspects of our operation here at Cisco, even more so in industries that require high security. Isovalent has been instrumental in helping us achieve FedRAMP compliance by providing encryption and being fully FIPS compliant. This ensures that all data in transit is encrypted, protecting sensitive information at every layer.

Beyond encryption, Isovalent provides a platform with deep observability of network flows, allowing us to monitor, trace, and enforce policies with a high degree of granularity. With the ability to audit traffic and detect anomalies, we ensure full compliance with the industry's strictest standards while maintaining full control over our cloud environment.

Isovalent Enterprise for Cilium provides robust support for critical FedRAMP controls, making it a secure option for federal customers. Two of the most important controls that Cilium offers are:

1. SC-8(1) — Confidentiality and integrity of transmission

  • The Cilium agent leverages advanced Linux kernel technologies such as eBPF, IPsec, and the Linux Kernel Crypto API module.
  • Cilium functions similarly to a Service Mesh component by providing network security, observability, and policy enforcement capabilities, as described in the Department of Defense Kubernetes Reference Design. This design enables secure and efficient communication between services within the Kubernetes environment.
  • Unlike traditional Service Mesh solutions that rely on a sidecar model, Cilium's eBPF integration allows direct interaction with the TCP/IP layer of the Linux kernel.
  • Cilium installs eBPF and XDP (eXpress Data Path) programs on each Kubernetes node, allowing seamless communication between pods on the same node via the loopback interface. This approach minimizes overhead, enabling efficient packet processing that reduces latency and CPU usage, thereby improving performance and security.

2. SC-13 — Cryptographic Protection

  • Cilium uses the IPsec suite for transparent encryption of data in transit, covering multiple protocols such as HTTP, TCP, UDP and Multicast.
  • Supports FIPS compliance and meets high FedRAMP requirements in environments such as Amazon GovCloud.
  • It uses the FIPS-compliant AES-GCM encryption algorithm with key lengths from 128 to 256 bits.
  • Leverages the NIST CMVP (Cryptographic Module Validation Program) for the applicable Linux distribution, such as the Amazon Linux 2 Kernel Crypto API CMVP #4593 cryptographic module.
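
A check one could run over the key material configured for Cilium's IPsec encryption to confirm it matches the AES-GCM, 128 to 256 bit statement above. This is an added example, not Cisco's or Isovalent's code; it assumes the key-line layout Cilium documents for its `cilium-ipsec-keys` secret, and the sample keys are constructed.

```python
import re

# Assumption: key lines follow the layout Cilium documents for the
# cilium-ipsec-keys secret: "<spi>[+] <algorithm> <hex key> <icv bits>".
KEY_LINE = re.compile(r"^(\d+)(\+?)\s+(\S+)\s+([0-9a-fA-F]+)\s+(\d+)$")
AEAD_ALGO = "rfc4106(gcm(aes))"    # Linux kernel name for AES-GCM in IPsec ESP
SALT_BYTES = 4                     # RFC 4106: key material = AES key + 4-byte salt
ALLOWED_AES_BITS = {128, 192, 256}
ALLOWED_ICV_BITS = {64, 96, 128}   # ICV sizes permitted by RFC 4106


def check_ipsec_key(line):
    """Return a list of findings for one key line; an empty list means it passes."""
    m = KEY_LINE.match(line.strip())
    if not m:
        return ["unrecognised layout (expected SPI, algorithm, hex key, ICV bits)"]
    _spi, _per_node, algo, key_hex, icv = m.groups()
    if algo != AEAD_ALGO:
        # Key-length arithmetic below only applies to AES-GCM, so stop here.
        return [f"algorithm {algo!r} is not {AEAD_ALGO}"]
    findings = []
    if len(key_hex) % 2:
        return ["hex key has an odd number of digits"]
    aes_bits = (len(key_hex) // 2 - SALT_BYTES) * 8
    if aes_bits not in ALLOWED_AES_BITS:
        findings.append(f"AES key is {aes_bits} bits, expected 128, 192 or 256")
    if int(icv) not in ALLOWED_ICV_BITS:
        findings.append(f"ICV length {icv} bits is not 64, 96 or 128")
    return findings


# Constructed sample key lines (repeating bytes, never use as real keys).
SAMPLES = {
    "aes128-gcm": "3+ rfc4106(gcm(aes)) " + "ab" * 20 + " 128",
    "aes256-gcm": "4+ rfc4106(gcm(aes)) " + "cd" * 36 + " 128",
    "short-key":  "5 rfc4106(gcm(aes)) " + "ef" * 12 + " 128",
    "cbc-legacy": "6 cbc(aes) " + "ab" * 16 + " 128",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        result = check_ipsec_key(line)
        print(f"{name}: {'PASS' if not result else 'FAIL: ' + '; '.join(result)}")
```
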

With such capabilities, Isovalent Enterprise for Cilium enables federal agencies to protect their Kubernetes-based workloads under strict FedRAMP standards, further ensuring data confidentiality and integrity.

Conclusion

The integration of the Isovalent platform into Cisco cloud infrastructure has elevated our security capabilities to maintain compliance, protect our workloads, and scale with confidence. Its advanced eBPF-based security solution has proven to be critical in safeguarding all of our cloud-native operations while addressing the endless stream of industry regulations like FedRAMP. With Isovalent, we've achieved the right balance between robust security and operational efficiency.

