Wednesday, November 27, 2024

How Cisco Uses Isovalent to Secure Cloud Workloads


As cloud environments evolve, efficient and effective workload security has been at the top of the list. At Cisco, we have integrated the Isovalent platform into our infrastructure to ensure our cloud workloads are protected without compromising on performance.

Why Isovalent?

The Isovalent platform is based on eBPF (extended Berkeley Packet Filter) technology, which provides a very modern approach to securing cloud-native environments. Where traditional security solutions often fail to keep up with the dynamic and scalable nature of containers, Isovalent’s zero-trust networking and lightweight, highly efficient network observability and security tools all come tailored for Kubernetes environments.

Isovalent embeds security at the kernel level to provide identity-based security, network segmentation, and traffic visibility without the overhead that’s usually associated with legacy solutions. That means Cisco can better protect our workloads and scale with seamless network policy enforcement in our growing cloud infrastructure.

Achieving compliance

Regulatory compliance is one of the most important aspects of our operation here at Cisco, even more so in high-security-demanding industries. Isovalent has been very instrumental in helping us achieve FedRAMP compliance by providing encryption and being fully FIPS-compliant. This ensures that all data in transit is encrypted, securing sensitive information at every layer.

Beyond encryption, Isovalent provides a platform with deep observability into network flows, which allows us to monitor, track, and enforce policies with a high degree of granularity. With the ability to audit traffic and detect anomalies, we ensure full compliance with the strictest industry standards while maintaining full control over our cloud environment.

Isovalent Enterprise for Cilium provides robust support for critical FedRAMP controls, making it a secure choice for federal customers. Two of the most important controls that Cilium offers are:

1. SC-8(1) — Transmission confidentiality and integrity

  • The Cilium agent leverages advanced Linux kernel technologies such as eBPF, IPsec, and the Linux Kernel Crypto API Cryptographic Module.
  • Cilium functions similarly to a Service Mesh component by providing network security, observability, and policy enforcement capabilities, as defined in the DoD’s Kubernetes reference design. This design enables secure and efficient communication between services within the Kubernetes environment.
  • Unlike traditional Service Mesh solutions that rely on a sidecar model, Cilium’s eBPF integration allows it to interact directly with the Linux kernel’s TCP/IP layer.
  • Cilium installs eBPF and XDP (eXpress Data Path) programs on each Kubernetes node, enabling seamless communication between pods on the same node via the loopback interface. This approach minimizes overhead, allowing for efficient packet processing that reduces latency and CPU usage, thereby improving performance and security.

2. SC-13 — Cryptographic protection

  • Cilium uses the IPsec suite for transparent data-in-transit encryption, covering multiple protocols such as HTTP, TCP, UDP, and Multicast.
  • Supports FIPS compliance, meeting FedRAMP High requirements in environments like Amazon GovCloud.
  • Uses the FIPS-compliant AES-GCM encryption algorithm with key lengths of 128 to 256 bits.
  • Leverages the NIST CMVP (Cryptographic Module Validation Program) for the applicable Linux distribution, such as Amazon Linux 2 Kernel Crypto API Cryptographic Module CMVP#4593.
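
As an added example (not from the original article or from Cilium's own code), this Python check confirms that an IPsec key line of the kind used for Cilium's transparent encryption selects AES-GCM with a 128, 192 or 256-bit key, as the SC-13 list above describes. The four-field layout `<id>[+] <algorithm> <hex keymat> <icv bits>`, the 1-15 key id range and the 128-bit ICV requirement are assumptions to verify against your Cilium version; the sample lines are constructed.

```python
import re

ALGO = "rfc4106(gcm(aes))"   # kernel name for AES-GCM used as an ESP AEAD
SALT_BYTES = 4               # RFC 4106: keying material = AES key + 4-byte salt
AES_KEY_BITS = {16: 128, 24: 192, 32: 256}

def aes_key_bits(hex_key):
    """AES key size in bits implied by RFC 4106 keying material, or None."""
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", hex_key):
        return None
    return AES_KEY_BITS.get(len(hex_key) // 2 - SALT_BYTES)

def check_key_line(line):
    """Return a list of findings for one key line; an empty list means it passes."""
    parts = line.split()
    if len(parts) != 4:
        return ["expected 4 fields: <id>[+] <algorithm> <hex keymat> <icv bits>"]
    key_id, algo, hex_key, icv = parts
    findings = []
    if not re.fullmatch(r"(?:[1-9]|1[0-5])\+?", key_id):   # assumed id range
        findings.append("key id outside 1-15")
    if algo != ALGO:
        findings.append(f"algorithm {algo!r} is not {ALGO}")
    elif aes_key_bits(hex_key) is None:
        findings.append("keymat is not hex of AES-128/192/256 key + 4-byte salt")
    elif len(set(bytes.fromhex(hex_key))) == 1:
        findings.append("keymat is a single repeated byte")
    if icv != "128":                                        # assumed local policy
        findings.append("ICV length is not 128 bits")
    return findings

# Constructed sample lines (not real keys).
SAMPLES = {
    "aes128": "3+ rfc4106(gcm(aes)) 00112233445566778899aabbccddeeff01020304 128",
    "aes256": "4 rfc4106(gcm(aes)) " + "0123456789abcdef" * 4 + "a1b2c3d4 128",
    "cbc": "2 cbc(aes) 00112233445566778899aabbccddeeff 128",
    "no_salt": "3 rfc4106(gcm(aes)) 00112233445566778899aabbccddeeff 128",
    "short_tag": "3 rfc4106(gcm(aes)) 00112233445566778899aabbccddeeff01020304 64",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, check_key_line(line) or "ok")
```

The `no_salt` case is the one most easily missed: a 16-byte hex string looks like an AES-128 key, but under RFC 4106 four of those bytes are consumed as salt, leaving no valid AES key size.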

With such capabilities, Isovalent Enterprise for Cilium enables federal agencies to secure their Kubernetes-based workloads under strict FedRAMP standards, further ensuring data confidentiality and integrity.

Conclusion

Integrating the Isovalent platform into Cisco’s cloud infrastructure has elevated our security capabilities to maintain compliance, protect our workloads, and scale with confidence. Its advanced, eBPF-based security solution has proved to be a must for protecting all our cloud-native operations while tending to the never-ending stream of industry regulations such as FedRAMP. With Isovalent, we’ve achieved the right balance between robust security and operational efficiency.

