Container compliance made easy

Elastisys Compliant Kubernetes (CK8s) is a container platform built for strong security and full lifecycle compliance with ISO-27001, GDPR and PCI-DSS.

Running Kubernetes at enterprise scale can be a huge operational challenge

 

Competence is scarce and expensive: Hiring and retaining 4-5 Kubernetes experts to operate your clusters 24/7 might not be the most economical way. Switching to Kubernetes also requires new security considerations.

Day 2 operations are complex: Kubernetes is notoriously hard to operate for mission-critical workloads under strict SLAs.

The landscape is rapidly evolving: Keeping up with the fast-changing cloud native ecosystem is a huge challenge.

Security and compliance are hard: Ops people are not necessarily cloud native security and compliance experts, which makes it time-consuming to keep up with the latest CVEs and regulations.

 

A container platform that puts security first

If you’re working in a highly regulated industry like healthcare, fintech or iGaming, you have two options if you want to run modern, containerized workloads on Kubernetes: either you build and maintain a compliant infrastructure yourself and manage the control plane, the operating system and the underlying infrastructure to stay compliant, or you take the risk of falling out of compliance by using a generic managed container platform.

Elastisys Compliant Kubernetes (CK8s) is a highly secure container platform that allows you to run modern, containerized workloads while fulfilling regulatory requirements. CK8s accelerates application development and delivery, simplifies installation and operations and helps fulfill regulatory standards like ISO-27001, GDPR and PCI-DSS.

It’s 100% open-source and compatible with upstream Kubernetes. No proprietary lock-in ensures your future success and freedom to choose providers.

CK8s can be run either on-premise (VMware vSphere or OpenStack) or in public clouds (AWS, GCE, Azure, Digital Ocean, City Cloud), and either as a managed service by Elastisys or as your own stand-alone container platform.

This is the most secure Kubernetes cluster available.
Deployments include logging, monitoring, intrusion detection, network segmentation, audit trails and more, tailored to adhere to the strict security demands placed by regulations like GDPR, ISO27000-1 and international betting regulations. CK8s is fully open source and built on upstream Kubernetes but comes pre-configured for compliance and security out of the box.

Ensure compliance through the whole software development life cycle

Being compliant does not start when your applications run in production. Elastisys Compliant Kubernetes shifts security and compliance focus left, providing the means to secure your applications throughout the whole software development life cycle.

CK8s does this by:

  • Audit logging the whole container journey
  • Analysing and verifying containers during build, deploy, and run-time
  • Providing easy to use management tools for enforcing policies during deployments – ensuring compliance for the whole application lifecycle
  • Providing operations and security teams with pre-configured logging, monitoring, intrusion detection, network segmentation, and audit trail capabilities tailored to adhere to the strict security demands placed by regulations like ISO27000-1, GDPR, and PCI-DSS

 

Features

Elastisys Compliant Kubernetes (CK8s) comes pre-configured for compliance and security out of the box. You’ll be completely freed from worries about being compliant with regulations such as GDPR, PCI-DSS, HIPAA, HITRUST CSF, GxP, and more – with no additional configuration on your end. It’s that easy.

Security

  • Private Docker repository
  • Minimal Linux-based operating system
  • Intrusion detection systems (IDS) for alerting in case of breaches
  • Automated image vulnerability scanning and antivirus checking
  • Best practice security policies
  • Container sandboxing, limiting what containers can do on a kernel level
  • Persistent storage with backups and Disaster Recovery functionality
  • Optional service mesh for seamlessly enforcing encrypted network traffic
  • Optional distributed tracing
  • Optional automated certificate handling

Observability

  • Prometheus, AlertManager, and Grafana used to monitor applications and the platform itself
  • Logging from the platform and applications stored either in a deployed Elasticsearch cluster or in your log handling service of choice, e.g. Datadog, Splunk, or a (remote) syslog server
  • Distributed tracing supported by OpenTracing and Jaeger for tracing API calls through a set of services, which helps developers debug and improve performance along critical paths.
  • Full Kubernetes API Audit trails

Enterprise-readiness

  • Deploys on-premise or in the cloud, including entirely regional cloud providers for legal reasons (due to e.g. US Cloud Act, EU GDPR, or national data security regulations)
  • Installation possible on offline (“air-gapped”) on-premise machines
  • Authentication integration with Active Directory, SAML, and Google logins
  • Network isolation and tight firewalls, allowing only permitted network traffic in the platform. Inbound traffic to the cluster is securely handled using the NGINX Ingress Controller
  • Integration with popular CI/CD systems
  • Support for up to 5000 worker nodes and high availability setups for your Kubernetes masters

Customer reference

Tempus is a fast growing and modern daycare planning platform, managing the trust and data privacy of thousands of parents every day.

“We decided on Elastisys as Compliant Kubernetes doesn’t lock you in to any specific cloud, it’s built on best practice projects from the cloud native community, and comes pre-configured for all our security and compliance needs, saving us a lot of effort.”

-Joel

Tempus chose Compliant Kubernetes as a managed service, allowing them to focus on their customers without having to worry about keeping up with platform lifecycle management, security patching, backups and general cloud native and security awareness.

Pricing

CK8s offers you custom pricing plans that scale from individuals to the enterprise. Free for developers, flexible for business. Our Community edition is free forever, with 100% open source. The basic Business package with enterprise support is tailored for on-premise infrastructure, with 8×5 and 24×7 support options available. For the fully Managed Service, our operations team handles upgrades, backups, security patching, etc., relieving you from all aspects of Day 2 operations. The Managed Service is offered on all major clouds, and can also be delivered from datacenter providers under European legal jurisdiction.

Community

  • Compliant Cluster
  • Continuous compliance
  • Policy enforcement
  • Audit reports

Business

  • Compliant Cluster
  • Continuous compliance
  • Policy enforcement
  • Audit reports
  • Enterprise support

Managed Service

  • Compliant Cluster
  • Continuous compliance
  • Policy enforcement
  • Audit reports
  • Enterprise support
  • Upgrades
  • Backup and disaster recovery
  • Security patching
  • SLA