I have been using Calico Cloud between 2022 and 2024. I worked on a project focused on security and vulnerability scanning within our containers. Calico Cloud was implemented because the company wanted to understand their security architecture within our orchestration environment, as we were using Kubernetes and running on AWS. We were also using AWS Inspector, but Calico Cloud was injected within the system to help with security, particularly within the containers. My main use case for Calico Cloud is security. Calico Cloud has developed a cloud-native solution for the security of containers. You are able to have insights into your cloud security posture management (CSPM), gaining an understanding of your security posture within your containers and how to design your security system. Within Kubernetes, you have your container security interface (CSI), which Calico Cloud is able to build something native for and is able to secure your containers, ensuring they are well secured within their ecosystem. When you log in to the console, everything was mostly click-based. You see different options on the console where you can check your posture or scan your containers for vulnerabilities. You can see whether vulnerabilities are high or low, and you are able to apply the best security posture to protect your containers so that no one is open and vulnerable to attack. Everything was connected, and you could see the different policies in place.
My main use case for Calico Cloud is traffic management, which is the primary feature that I primarily use in my organization. We appreciate their recommendation system for security, and the service graph they provide gives us accessibility to our service graph, which is what we use it for. A specific example of how I use Calico Cloud for traffic management and the service graph is that they provide us visibility, which is one of the things I appreciate about Calico Cloud. A similar product is Jaeger when you are using Istio, so they essentially do the same thing. You look at the service graph and you will see how, for example, we have several microservices. For me to communicate with another, normally you would not know how the full communication works. However, with Calico Cloud, you are able to see that this service communicates with these services and how they communicate. You can see the latency that is occurring at a particular junction. You can basically see all your services that make up your application that were developed for different vendors in our company, and you can see how each and every one of them communicates for this product. All the services that make up that microservice are what we use the service graph for. Their micro-segmentation helps to provide functionality similar to AWS Security Hub or a security advisor. You are able to be told that for a particular product and particular communication, these are the communications that occur on a day-to-day basis, and therefore, they recommend that you put in this kind of policy. If you agree with them, then you go and enforce the policy, and they provide a place to test it so that it does not affect your real-life traffic, allowing you to confirm that the feature really helps you. Regarding my main use case and how Calico Cloud fits into my workflow, they have observability. 
I am able to combine all the different logs, DNS logs, so that I can see what actually happens from flow logs, DNS logs, and the other logs. That way I can make sense of what is going on in my cluster. For observability, they are doing good work. They provide insights that I have used with Istio, which is another product that also takes care of observability, not necessarily network policies in the way Calico Cloud supports. It is a good job overall.
Container Security involves protecting containerized applications from potential threats throughout their lifecycle, ensuring integrity, authentication, and visibility. It offers robust measures to safeguard applications in a constantly evolving environment. This approach focuses on securing containers to prevent unauthorized access while maintaining application performance. Businesses can use Container Security solutions to detect vulnerabilities, monitor processes, and manage compliance...