Security is always top of mind. When you choose Spectro Cloud Palette, you get the controls you need to keep your Kubernetes clusters protected.
When you have many clusters, many namespaces and many teams across the business needing access, it’s important to be able to set fine-grained permissions over who can access what.
Palette provides powerful role-based access controls (RBAC) encompassing all your teams and clusters, so there’s a single source of truth. We support a wide range of role permissions for your users and teams, which you can customize and apply for specific resources.
Of course, permissions are nothing without proper user authentication. Palette lets you enforce authentication and authorization through single sign-on (SSO) with an external identity provider (IdP), including SAML 2.0 federation, so access to Palette is governed by the same identities and policies as the rest of your business.
Security best practice is to isolate workloads and restrict team access on separate clusters, rather than relying on the soft isolation of namespaces in a single ‘megacluster’. Namespaces share the same control plane, nodes and kernel, so a compromised credential or a container escape in one namespace can reach the others; separate clusters limit the blast radius of that kind of breach.
Palette’s natively multicluster architecture makes it easy to consistently deploy and manage multiple clusters across multiple environments, enabling you to adopt this best practice and minimize risk, without increasing your workload.
And with our Palette Virtual Cluster capability, you can give your CI/CD pipelines and developer environments a pristine new cluster, with stronger isolation than a namespace and its own API server, without the delays and compute overheads of firing up full Kubernetes clusters each time. One caveat to keep in mind: a virtual cluster still runs on the host cluster’s nodes, so for workloads that need hard tenancy boundaries, a dedicated cluster remains the right choice.
Many security vulnerabilities are a result of misconfiguration and unpatched older software versions left running. Yet it’s almost impossible to keep your infrastructure fully patched and its configurations perfectly compliant if you’re making changes manually.
Palette enables you to build Cluster Profiles, repeatable blueprints for the entire software stack of your Kubernetes clusters. Using these Profiles, Palette not only ensures that every cluster is deployed the same way, it checks every two minutes and reconciles any configuration drift back to your desired state. And if you apply a patch or upgrade to the Cluster Profile, all running clusters using that profile are automatically updated in parallel. You can even patch the OS layer automatically, either on a schedule or on boot.
For edge environments, or anywhere malicious actors could tamper with your infrastructure, we enable you to build immutable software images for your OS and Kubernetes distribution. The device filesystem and the Kubernetes components are read-only, and the device always reverts to a known good state when rebooted, so persistent modifications to the host do not survive a restart.
Security should never be assumed. As part of our rich suite of day 2 operations capabilities, Palette features native security scanning: kube-bench to assess your clusters against the CIS Kubernetes Benchmark, kube-hunter to probe for known weaknesses from an attacker’s point of view, and Sonobuoy to test conformance against the CNCF Kubernetes specification.
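To make concrete what a CIS benchmark assessment actually does, here is an added example of the kind of check kube-bench runs. It is not Palette’s or kube-bench’s code: kube-bench works by inspecting the arguments of the running control-plane processes and comparing them with the CIS Kubernetes Benchmark, and the functions below mirror that approach for five well-known kube-apiserver recommendations. The two command lines at the bottom are constructed samples, not captured from any real cluster, and the check names are this example’s own labels rather than CIS control numbers, which shift between benchmark versions.

```python
"""CIS-style configuration checks for kube-apiserver flags.

Added example, not Palette's or kube-bench's code. kube-bench inspects the
running control-plane process arguments and compares them with the CIS
Kubernetes Benchmark; this mirrors that approach for five recommendations.
The sample command lines at the bottom are constructed, not real captures.
"""
import shlex
from dataclasses import dataclass


@dataclass
class Finding:
    check: str
    status: str  # "PASS" or "FAIL"
    detail: str


def parse_flags(cmdline: str) -> dict:
    """Turn 'kube-apiserver --a=b --c d --e' into {'a': 'b', 'c': 'd', 'e': 'true'}."""
    tokens = shlex.split(cmdline)[1:]  # drop the binary name
    flags = {}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--"):
            key, has_eq, val = tok[2:].partition("=")
            if not has_eq:
                # The value may be the next token, unless that is itself a flag.
                if i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
                    i += 1
                    val = tokens[i]
                else:
                    val = "true"  # bare boolean flag
            flags[key] = val
        i += 1
    return flags


def check_apiserver(cmdline: str) -> list:
    """Evaluate a handful of CIS recommendations against the parsed flag set."""
    f = parse_flags(cmdline)
    out = []

    def add(check, ok, detail):
        out.append(Finding(check, "PASS" if ok else "FAIL", detail))

    # Unauthenticated requests must be rejected (kube-apiserver defaults to true).
    anon = f.get("anonymous-auth", "true")
    add("anonymous-auth is false", anon == "false", f"--anonymous-auth={anon}")

    # AlwaysAllow disables authorization entirely; RBAC should be in the mode list.
    modes = f.get("authorization-mode", "AlwaysAllow").split(",")
    add("authorization-mode excludes AlwaysAllow and includes RBAC",
        "AlwaysAllow" not in modes and "RBAC" in modes,
        f"--authorization-mode={','.join(modes)}")

    # Profiling endpoints expose server internals and default to enabled.
    prof = f.get("profiling", "true")
    add("profiling is false", prof == "false", f"--profiling={prof}")

    # Audit logging must be configured so that API activity is recorded.
    add("audit-log-path is set", bool(f.get("audit-log-path")),
        f"--audit-log-path={f.get('audit-log-path', '<unset>')}")

    # The insecure (unauthenticated) port, where still supported, must be 0.
    port = f.get("insecure-port", "0")
    add("insecure-port is 0", port == "0", f"--insecure-port={port}")
    return out


def failed_checks(findings) -> list:
    """Names of the checks that failed; an empty list means the sample passes."""
    return [x.check for x in findings if x.status == "FAIL"]


# Constructed sample command lines, not captured from any real cluster.
WEAK_APISERVER = ("kube-apiserver --anonymous-auth=true "
                  "--authorization-mode=AlwaysAllow --insecure-port=8080")
HARDENED_APISERVER = ("kube-apiserver --anonymous-auth=false "
                      "--authorization-mode Node,RBAC --profiling=false "
                      "--audit-log-path=/var/log/kubernetes/audit.log")

if __name__ == "__main__":
    for name, cmd in (("weak", WEAK_APISERVER), ("hardened", HARDENED_APISERVER)):
        print(name, failed_checks(check_apiserver(cmd)))
```

Note that three of the five failures on the weak sample come from flags that are simply absent: the checks fall back to the kube-apiserver defaults, which is exactly why a default install is not a hardened one and why a scan against the desired state, rather than a review of what was explicitly configured, is the useful signal.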
We also provide native support for many other activities essential to a good security posture, from backup and restore to certificate rotation. Active monitoring of cluster usage, health and costs, with a single view of clusters across all your destination environments, can also provide early indications of a security incident, such as unexplained resource consumption or unexpected changes in cluster health.
Of course, we also make it easy for you to deploy the best security products to your clusters by adding packs to your Cluster Profiles. We already support integrations with popular projects such as Falco and Vault.
At Spectro Cloud we take our responsibilities as a technology provider seriously. We are certified to many recognized IT security standards, including FIPS 140, SOC 2 Type 2, ISO 27001 and PCI DSS. Since we serve customers in highly regulated industries such as healthcare and communications services, you can be sure that we have passed numerous security audits.
In the world of cloud-native, we are a CNCF-certified service provider, and our PXK distribution is CNCF-conformant. Many of our engineers hold the Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD) and Certified Kubernetes Security Specialist (CKS) certifications, and we can help you get yours, too.
To support your particular security needs, we offer Palette not only as a multi-tenant SaaS product, but also as a single-tenant dedicated SaaS deployment, self-hosted on-prem in your data center, or fully air-gapped.