Two web-scale companies have recently shared how they solved mission-critical authorization challenges using Open Policy Agent (OPA). These accounts validate the value of what we’ve built with OPA and give important blueprints for engineers looking to address similar challenges. We consider these required reading for anyone considering or using OPA at scale. In this post we review these two case studies to highlight common patterns and important differences.

Velero is an open-source backup and recovery tool designed specifically for Kubernetes clusters. It provides a straightforward way to protect your Kubernetes resources, including persistent volumes, namespaces, and custom resources, by taking backups and restoring them in case of data loss or disaster recovery scenarios. In this blog you will learn the different use cases for Velero and the two ways to install Velero, using the Velero CLI and using a Helm chart.

Relying solely on the Common Vulnerability Scoring System (CVSS) is insufficient when it comes to effective vulnerability management. While the CVSS score provides a quantitative measure of a vulnerability’s severity, it fails to capture the contextual nuances that can significantly impact the actual risk to an organization. In this article, we will discuss how best to choose a vulnerability management solution.

SCARLETEEL, an operation reported on by the Sysdig Threat Research Team last February, continues to thrive, improve tactics, and steal proprietary data. Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control architecture.

With the rapid adoption of Kubernetes in organizations and the push to standardize the orchestration of resources with this approach, databases are now also being deployed into Kubernetes. Historically, persistent workloads like databases were not recommended for their deployment into Kuberntes as it was complex to manage how data would be stored. This was a result of Kubertnes originally being designed for non persistent microservice architectures.

In this blog post, I will be talking about audit and compliance and how to implement it with Calico. Most IT organizations are asked to meet some standard of compliance, whether internal or industry-specific. However organizations are not always provided with the guidance to implement it. Furthermore, when guidance has been provided, it is usually applicable to a more traditional and static environment and doesn’t address the dynamic nature of Kubernetes.

In the face of persistent data breaches and escalating cyber threats, organizations are compelled to prioritize cloud defense in depth. These measures are indispensable for protecting critical assets and upholding the integrity of cloud-based systems. By establishing a comprehensive security plan, organizations can effectively convey their commitment to security and lay a solid foundation for a resilient and secure cloud environment.

We are excited to introduce the early preview releases for Calico Enterprise 3.17. This release focuses on helping enterprises have a strong security posture for their containers and Kubernetes clusters. Let’s go through some of the highlights of this release.