ControlPlane specialises in unlocking cloud and container technologies for regulated industries and complex deployments.
We have over 200 years of combinated cloud native security expertise and the talent to solve your hardest security problems. Deep community and industry links ensure we deliver best-of-breed solutions optimised to the nuances of your use case, and we focus on ensuring your success.
Identify potential security threats to Kubernetes and other container-based systems, and implement appropriate security controls and measures to mitigate these risks.
We built the first threat models for Kubernetes and lead community CNCF threat modelling under the Linux Foundation.
Threat model full or partial systems, infrastructure proposals, and individual software services. Duration dependent on scoping, timeboxing, or depth of complexity:
Request a threat model quote or ask about Threat Modelling Kubernetes training.
Test Kubernetes and cloud-native systems to identify vulnerabilities and potential security risks. See our process in detail.
We support:
We have fixed price and time-based offerings: ask for a scoping session.
Protect organisation’s supply chain from potential security threats, by implementing security measures and best practices.
We’re building Software Factories and Open Source Ingestion projects. See conference presentations from customers and colleagues:
We can evaluate and scaffold your Open Source supply chain security remediation solution. Ask how we reduce supply chain risk.
Evaluate security posture, including security architecture and processes, to identify potential weaknesses and areas for improvement.
Detailed assessments based on industry standards. Request an assessment.
Help to identify and prioritise security initiatives, including an assessment of risks, threats, and vulnerabilities.
Develop secure software delivery platforms and applications. Designed to be resistant to attacks and minimise the risk of data breaches or other security incidents.
Platform Engineering doesn’t need to be difficult. Request a quote.
Implement secure and efficient continuous integration and continuous delivery (CI/CD) pipelines, which are a key component of modern software development practices.
Ask about our private case studies.
Automate routine tasks and processes for infrastructure, which helps to improve efficiency and reduce the risk of human error.
We do it right, first time, and transfer the skills your team needs to succeed. Ask for a services quote.
Collect and analyse data from sensors and other sources, used to identify potential security threats or performance issues.
Security automation is built on solid DevOps. We do both, well. Find out how.
Simulate a security breach to test incident response plans and identify areas for improvement.
We run the official CTFs for Kubecon. Watch how we teach people security with a host of cloud native security experts, and ask us for a quote specific to your systems.
Focuses on the development and deployment of cloud-native applications and systems, which are designed to take advantage of the scalability and flexibility of cloud-native computing.
We are long-time cloud native trainers, from Docker and Terraform through Kubernetes and Service Mesh, and have trained the world’s biggest organistaions under contract to SANS, O’Reilly, The Linux Foundation, and more.
We care about imparting knowledge that remains relevant and sticks with your team. See our training courses or discuss your training needs.
Combine elements of both red team (offensive) and blue team (defensive) security testing to improve security posture.
Talk to us about cross-functional security teams.
Implement a security model that assumes all users, devices, and applications are untrusted, and requires authentication and authorisation for every access attempt, in order to minimise the risk of unauthorised access or data breaches.