Overview
Every Rafay customer (e.g. an enterprise) gets access to its own Org. Within an Org, multiple multi-tenancy options are supported for users such as data scientists, ML engineers and GenAI application developers.
For every tenant, a number of critical security controls are automatically implemented and enforced so that risks associated with threats such as lateral movement and privilege escalation can be blocked.
Threats & Controls
Click a control in the table below for detailed information on how the controls implemented by Rafay help mitigate the associated threat or risk.
# | Threat/Risk | Controls | Supported |
---|---|---|---|
1 | Lightweight, namespace-scoped virtual Kubernetes clusters | vCluster | |
2 | Prevent malicious containers from lateral escalation inside the cluster | Isolated Kata Containers | |
3 | Prevent malicious containers from using the data center network for lateral escalation to other hosts/services in the data center | Network Policy | |
4 | Prevent malicious containers from escaping the container (e.g. by becoming root) | Cluster Policy | |
5 | Prevent users from using more resources than their allocation | Resource Quotas | |
6 | Network segmentation via VPCs using Kube-OVN | Network Segmentation | |
7 | Prevent users from touching resources that are not theirs | RBAC | |
8 | Ensure only authenticated and authorized users can access resources | Secure Remote Access | |
9 | Ensure there is an immutable audit trail for every action | Audit Logging | |
10 | Ensure costs can be attached to every resource and allocated to users | Cost Visibility & Allocation | |