Security

Kubernetes is highly configurable, but highly complex

Kore Operate is secure by design

Kore Operate enables teams to self-serve resources to build and ship applications quickly and securely while leveraging containerised technologies, open-source and the cost efficiencies of multi-cloud. 

Born in security-critical environments, the platform is built with a security-first approach, ensuring that all platform operations are accomplished using ephemeral credentials and least privilege access.

  • Centralised RBAC

    Role Based Access Control (RBAC) operates consistently within Kore Operate, regardless of the customer's public cloud environment. By providing a central point of control, users aren't required to have direct access to the target cloud environment. Operators define mapped cloud accounts that take action on the target cloud account on behalf of the user.

  • Least Privilege Account Automation

    Kore Operate has been designed for use in highly secure environments. As such, all operations are conducted following the Principle of Least Privilege, which means that each cloud operation is carried out with the absolute minimum amount of access required for that action. This is important to the consistent maintenance of a hardened security posture in the cloud: using only the minimum permission required, and only for the shortest time necessary.

  • Security Best-practices

    Kore Operate users have built-in security configurations and policies that have been verified by independent security researchers and professionals, created from our experience implementing cloud and Kubernetes in highly regulated environments. These policies harden the security posture of cloud-based Kubernetes clusters and application services to ensure that resources are always delivered securely by default.

  • Cloud Managed Accounts

    Kore Operate is implemented on Kubernetes as provided by cloud providers, and utilises managed credentials from the providers.

    On EKS on AWS: IAM Roles for Security Accounts

    On GKE on GCP: Workload Identity

    On AKS on Azure: AAD Pod Identity

    By utilising cloud-managed identities, Kore Operate is able to maintain a hardened cloud security posture over time without sacrificing the advantages of self-service.

  • Self-hosted (Not SaaS)

    Kore Operate is a self-hosted solution, installed within your own public cloud environment.

    The platform can be installed and ready to begin onboarding developers and applications in a day. Because all platform data remains in their chosen cloud environment, customers can adopt the platform confidently knowing that data privacy and sovereignty considerations are fully in their control.

  • Single-tenant Clusters

    Kore Operate is designed to assist in the separation of workloads between teams and between a single team's development and production applications using Cloud Account Automation features. This best practice limits the 'blast radius' of any failure, mistake, or security threat. In addition, cloud costs can be entirely and appropriately allocated between application teams.

    Cloud Account Automation provides automated creation of cloud accounts, projects and subscriptions on-demand when a team needs to start running their applications. Kore Operate can indicate if a cluster is ready for production, and the default rules delivered with Kore Operate create one account per team for all:

    - Non-production clusters

    - Production clusters
