ControlPlane specialises in unlocking cloud and container technologies for regulated industries and complex deployments.

We have over 200 years of combinated cloud native security expertise and the talent to solve your hardest security problems. Deep community and industry links ensure we deliver best-of-breed solutions optimised to the nuances of your use case, and we focus on ensuring your success.

Detect: Know Risks First

Threat Modelling

Identify potential security threats to Kubernetes and other container-based systems, and implement appropriate security controls and measures to mitigate these risks.

We built the first threat models for Kubernetes and lead community CNCF threat modelling under the Linux Foundation.

Threat model full or partial systems, infrastructure proposals, and individual software services. Duration dependent on scoping, timeboxing, or depth of complexity:

  • 1 or 2 day workshop
  • 1 to 2 week writeup
  • Presentation and next steps meeting

Request a threat model quote or ask about Threat Modelling Kubernetes training.

Kubernetes & Cloud Penetration Testing

Test Kubernetes and cloud-native systems to identify vulnerabilities and potential security risks. See our process in detail.

We support:

  • Kubernetes and associated services
  • EKS and AWS cloud testing
  • GKE and GCP cloud testing
  • AKS and Azure cloud testing
  • On-prem and airgapped systems

We have fixed price and time-based offerings: ask for a scoping session.

Supply Chain Security

Protect organisation’s supply chain from potential security threats, by implementing security measures and best practices.

We’re building Software Factories and Open Source Ingestion projects. See conference presentations from customers and colleagues:

We can evaluate and scaffold your Open Source supply chain security remediation solution. Ask how we reduce supply chain risk.

Architecture, Assurance & Maturity Assessment

Evaluate security posture, including security architecture and processes, to identify potential weaknesses and areas for improvement.

  • Review of cluster security controls
  • Analysis of system security threats
  • Evaluation of organisation-wide security posture

Detailed assessments based on industry standards. Request an assessment.

Security Roadmapping

Help to identify and prioritise security initiatives, including an assessment of risks, threats, and vulnerabilities.

  • Built from a quantifiable threat model
  • Strategic and tactical goals to satify audit and grow maturity
  • Achievable milestones with key values to measure success

See how we can help.

Correct: Secure by Design DevOps and Security

Secure Platform Engineering & Development

Develop secure software delivery platforms and applications. Designed to be resistant to attacks and minimise the risk of data breaches or other security incidents.

  • Cloud native solutions using the best of the cloud provider offerrings
  • Identify, measure, and remediate platform risks
  • Integrated guard rails
  • Developer experience focus balanced with security requirements

Platform Engineering doesn’t need to be difficult. Request a quote.

Hardened, Fast CI/CD Pipelines

Implement secure and efficient continuous integration and continuous delivery (CI/CD) pipelines, which are a key component of modern software development practices.

  • Tekton Pipelines with Chains and secure supply chain attestation
  • Evidence lakes for audit data recall
  • Securely reduced cycle time for happier developers

Ask about our private case studies.

Operational Automation

Automate routine tasks and processes for infrastructure, which helps to improve efficiency and reduce the risk of human error.

We do it right, first time, and transfer the skills your team needs to succeed. Ask for a services quote.

Telemetry & Sensors

Collect and analyse data from sensors and other sources, used to identify potential security threats or performance issues.

Security automation is built on solid DevOps. We do both, well. Find out how.

Protect: Stay Secure and Nurture Your Talent

Breach Simulation

Simulate a security breach to test incident response plans and identify areas for improvement.

  • Real infrastructure
  • Secure security sandboxes
  • Unlimited testing and training

We run the official CTFs for Kubecon. Watch how we teach people security with a host of cloud native security experts, and ask us for a quote specific to your systems.

Cloud Native Training Curriculum

Focuses on the development and deployment of cloud-native applications and systems, which are designed to take advantage of the scalability and flexibility of cloud-native computing.

We are long-time cloud native trainers, from Docker and Terraform through Kubernetes and Service Mesh, and have trained the world’s biggest organistaions under contract to SANS, O’Reilly, The Linux Foundation, and more.

We care about imparting knowledge that remains relevant and sticks with your team. See our training courses or discuss your training needs.

Purple Team Training

Combine elements of both red team (offensive) and blue team (defensive) security testing to improve security posture.

  • Learn by hacking to build better defence
  • Share responsibility for security amongst your teams

Talk to us about cross-functional security teams.

Zero Trust Systems

Implement a security model that assumes all users, devices, and applications are untrusted, and requires authentication and authorisation for every access attempt, in order to minimise the risk of unauthorised access or data breaches.

  • Remove passwords and replace them with 45m-expiry credentials
  • Encryption in transit, signing at rest, federated identity

See what we can do with Zero Trust.