News
Tigera Introduces Calico Security Policy Recommender Improvements and FIPS Compliance
December 2022 by Marc Jacob
Tigera announced several new capabilities that help reduce an application’s attack surface. These capabilities include security policy recommendations for namespaces, FIPS compliance for use by federal agencies, and new and improved dashboards for faster troubleshooting.
The Security Policy Recommender has long been a useful tool for security-focused Calico users to identify and deploy granular network security policies for improved security at the pod level. Policy development requires an advanced understanding of microservices that are interacting with and depending on each other, microservices with vulnerabilities, those that need to communicate outside the cluster, and those that are accessing sensitive data. The Security Policy Recommender empowers organizations that lack the expertise to build granular policies by accounting for this information to help users avoid outages and increased vulnerabilities during policy development.
The latest iteration of the Security Policy Recommender recommends policies at the namespace level in addition to policies at the pod level. This benefits users interested in multi-tenant architectures and workload isolation by enabling them to implement microsegmentation without any detailed knowledge of application-level changes. Overall, this update increases team productivity by enabling users – no matter their expertise – to take advantage of automated policies to improve the security posture of their Kubernetes clusters.
The latest Calico update also enables users to become FIPS compliant, a standard that is required of customers that serve federal agencies. To satisfy compliance requirements and make the platform accessible to more users, Calico now offers a FIPS-compliant installation/deployment mode so that customers can meet FedRAMP requirements when using EKS or similar platforms for managed Kubernetes services.
