As cloud environments continue to evolve, efficient and effective workload security has risen to the top of the agenda. At Cisco, we’ve integrated the Isovalent platform into our infrastructure to protect our cloud-based workloads while maintaining performance and efficiency.
Why Isovalent?
The Isovalent platform leverages cutting-edge eBPF technology, offering a highly effective approach to securing cloud-native environments.
In contrast to traditional security tools that struggle to keep pace with the dynamic scalability of containers, Isovalent combines zero-trust networking with lightweight, efficient network observability and security tools designed specifically for Kubernetes environments.
Isovalent embeds security features at the kernel level, providing identity-based protection, network segmentation, and traffic visibility without the overhead typically associated with legacy solutions. At Cisco, this enables us to safeguard our workloads and scale our cloud infrastructure with comprehensive network-based coverage.
Attaining compliance
Compliance with regulatory requirements is a paramount consideration for our operations at Cisco, particularly in sectors that demand unwavering security and adherence to stringent guidelines. Isovalent played a crucial role in facilitating our FedRAMP compliance by providing robust encryption and ensuring total conformance with Federal Information Processing Standards (FIPS) requirements. Every piece of data in transit is encrypted, safeguarding sensitive information at every stage.
Beyond encryption, Isovalent provides a robust platform for in-depth observation of network flows, enabling us to monitor, analyze, and shape policy decisions with precision. With these auditing capabilities, we maintain compliance with the most stringent industry regulations while keeping complete control over our scalable cloud infrastructure.
Isolating sensitive data with Isovalent’s Enterprise for Cilium solution helps meet critical FedRAMP control requirements, offering a secure and reliable option for federal clients seeking to deploy trusted cloud infrastructure. Among the key controls Cilium addresses are:
The transmission of confidential and integrity-sensitive information across SCADA systems requires robust measures to prevent unauthorized access, interception, or modification. To achieve this, transmission protocols shall ensure that all data packets are encrypted using algorithms with a minimum key length of 128 bits, and digital signatures shall be used to verify the authenticity of transmitted data.
- The Cilium agent relies on Linux kernel technologies such as eBPF, IPsec, and the Linux Kernel Crypto API cryptographic module.
- Cilium’s capabilities are comparable to those of a Service Mesh, providing network-level features such as security, observability, and traffic policy enforcement, aligning with the Department of Defense’s Kubernetes reference architecture. This design enables secure and efficient communication among enterprises within a Kubernetes ecosystem.
- Unlike traditional Service Mesh solutions that rely on a sidecar architecture, Cilium’s eBPF integration works directly with the Linux kernel’s TCP/IP layer, eliminating the need for an intermediate proxy.
- Cilium simplifies networking in Kubernetes clusters by installing eBPF and XDP programs on each node, facilitating communication between co-located pods via the loopback interface. This approach reduces operational expenses by streamlining data handling, resulting in a marked decrease in latency and processor usage, ultimately fostering increased productivity and security.
2. SC-13 — Cryptographic protection
- Cilium leverages the IPsec suite for in-transit encryption, protecting a range of protocols, including HTTP, TCP, UDP, and multicast.
- Cilium achieves FIPS compliance and supports FedRAMP certification by addressing the stringent requirements of environments such as Amazon GovCloud.
- It employs Federal Information Processing Standards (FIPS)-compliant Advanced Encryption Standard Galois/Counter Mode (AES-GCM) encryption, with configurable key lengths ranging from 128 to 256 bits.
- Validated through the rigorous NIST CMVP process, our solution aligns with the standards established for Amazon Linux 2’s Kernel Crypto API, mirroring CMVP#4593.
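As an added example (not Cisco's or Isovalent's code), the Python below audits a Cilium IPsec key line against the AES-GCM key lengths listed above and interprets the kernel FIPS flag. It assumes the `<key-id> <algo> <hex key material> <ICV bits>` layout used for the `cilium-ipsec-keys` secret and rfc4106 key material (AES key plus 4-byte salt); the function names and sample keys are constructed for illustration.

```python
import re

SALT_BYTES = 4                        # rfc4106 key material = AES key || 4-byte salt
AES_BITS = {16: 128, 24: 192, 32: 256}
ALLOWED_ICV_BITS = {64, 96, 128}      # ICV sizes defined for AES-GCM ESP (RFC 4106)


def audit_ipsec_key(line, min_bits=128):
    """Audit one '<key-id> <algo> <hex-keymat> <icv-bits>' line (assumed layout).

    Returns (aes_key_bits or None, findings); an empty findings list is a pass.
    """
    fields = line.split()
    if len(fields) != 4:
        return None, ["expected 4 fields, got %d" % len(fields)]
    key_id, algo, keymat, icv = fields
    findings = []
    if not re.fullmatch(r"\d+\+?", key_id):
        findings.append("key id %r is not numeric" % key_id)
    if algo != "rfc4106(gcm(aes))":
        findings.append("algorithm %s is not AES-GCM encryption" % algo)
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", keymat):
        return None, findings + ["key material is not whole hex bytes"]
    bits = AES_BITS.get(len(keymat) // 2 - SALT_BYTES)
    if bits is None:
        findings.append("key material is not AES-128/192/256 plus 4-byte salt")
    elif bits < min_bits:
        findings.append("AES-%d is below the required %d bits" % (bits, min_bits))
    if not icv.isdigit() or int(icv) not in ALLOWED_ICV_BITS:
        findings.append("ICV length %s is not valid for AES-GCM" % icv)
    return bits, findings


def kernel_fips_enabled(proc_value):
    """Interpret the contents of /proc/sys/crypto/fips_enabled ('1' = FIPS mode)."""
    return proc_value.strip() == "1"


# Constructed sample key lines; repeated bytes, never real secrets.
SAMPLES = {
    "aes128": "3+ rfc4106(gcm(aes)) " + "ab" * 20 + " 128",
    "aes256": "4 rfc4106(gcm(aes)) " + "cd" * 36 + " 128",
    "gmac": "5 rfc4543(gcm(aes)) " + "ef" * 20 + " 128",   # authentication only
    "short": "6 rfc4106(gcm(aes)) " + "01" * 12 + " 128",  # truncated key
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, audit_ipsec_key(line))
```

Run the audit with `min_bits=256` when the environment's policy requires AES-256, and feed `kernel_fips_enabled` the file contents read on each node.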
With advanced features, Isovalent’s Enterprise for Cilium empowers federal organizations to safeguard their Kubernetes-based workloads under the stringent FedRAMP guidelines, thereby ensuring the confidentiality and integrity of sensitive information.

Conclusion
By integrating the Isovalent platform into Cisco’s cloud infrastructure, we have significantly enhanced our security posture, enabling us to manage compliance requirements, protect our mission-critical workloads, and scale with greater assurance. Our eBPF-powered security solution has established itself as a benchmark for ensuring the reliability and integrity of our cloud-native services while navigating the ever-evolving landscape of regulatory compliance requirements, including FedRAMP. By partnering with Isovalent, we have struck a balance between robust security measures and operational efficiency.