Financial Services

Regulatory oversight is a hallmark of the financial industry. Cilium's detailed traffic monitoring and logging mechanisms support institutions in establishing transparent audit trails, complying with stringent regulations, and conducting forensic investigations.

The world of fintech revolves around APIs – from mobile banking apps to trading platforms. Cilium's API-aware network security ensures that these critical APIs can be secured, empowering teams with the toolsets needed to understand and guard against malicious patterns in API calls. Cilium supports L7 policies (e.g., allow HTTP GET /foo) for fine-grained access control to shared API services running common cloud native protocols like HTTP, gRPC, Kafka, etc. Cilium also supports deny-based, cluster-wide, and host-layer firewall network policies.

With Cilium, companies in the financial services industry can achieve improved observability, maintain security controls, and weave compliance and security governance for Kubernetes environments directly into the DevOps process.

ebeedex excel bee
We started by looking at some other tools, and we first used [the cloud provider CNI]. But we found that Cilium, with its host-based policies and its ability to replace what we had out of the box, was really valuable.
Anne Zepecki Team Lead for the BQuant Enterprise Identity Management team

Bloomberg successfully enhanced the security and access control of its BQuant Enterprise workloads through the implementation of robust network security measures.

read the case study

“Always On” Workload Analysis for Continuous Compliance

In a highly regulated industry such as financial services, ensuring that software and systems comply with these regulations is a constant challenge for development and operations teams. Cilium empowers teams with tools to ensure continuous compliance with standards like FIPS, PCI DSS, Open Banking, and SOC 2 by offering real-time monitoring and analysis of workload communication to identify non-compliant connections. It emphasizes encryption, traffic analysis, and full-stack monitoring without imposing performance constraints, ensuring confidentiality, integrity, and availability in regulated environments.

Cilium continuous compliance image
x12kFaster Pod startup

Post Finance one of Switzerland's leading financial institutions uses Cilium for Cloud Native Networking

watch the case study

Enforce Zero-Trust Security with Ease. No Disparate Tools, No Performance Hits

Adopting a Zero Trust-based approach to network security architecture is essential for companies in the financial service industry to maintain compliance with stringent regulations and keep customer data secure.

Cilium provides a unified tool that implements a range of features to enforce Zero Trust networking security principles. These features include identity-aware service to service communication and observability, advanced network policies with native HTTP and DNS protocol support, transparent encryption, and using in-kernel IPsec or WireGuard. Enforcement of TLS via Network Policy allows operators to restrict the allowed TLS SNIs in their network, and provide a more secure environment.

Tetragon provides powerful security observability and real time enforcement guardrails. Cilium offers broad cluster-wide network policies that can be mixed with Tetragon tracing policies for more specific protocol controls like system calls, TCP/IP, file access, and namespace privilege capabilities.

cilium TLS keys and certificate illustration

Weave Compliance and Security Throughout the DevOps Process

By moving from IP to identity, Cilium empowers you to free your security and operations teams from the need to manually review and audit every policy change. Cilium's native integration with the Kubernetes ecosystem enables it to seamlessly weaves compliance and security governance into the DevOps process. For example, operators can write network policies based on namespaces or labels rather than hardcoding IPs.

cilium TLS keys and certificate illustration

Join Global Financial Leaders in the Cloud Native Networking Revolution

post finance office

Post Finance picks Cilium for Cloud Native Networking

Cilium helped the Post Finance team build a scalable Kubernetes platform which meets the demanding requirements to run mission-critical banking software in production.

Watch The Case Study
capital office building

How Capital One used eBPF and Cilium to build a secure, maintainable PaaS

Capital One leveraged Cilium to build a multi-tenant platform meeting all its requirements for security, maintainability, network visibility, and scale.

Watch The Talk
robinhoo office building

More Churn No Problem: Lessons Learned Running Cilium in Production

Robinhood's war stories from running Cilium in a high-churn near-production environment, learn how they overcame challenges by better understanding and tuning Cilium.

Watch The Talk
Sicredi logo on a wall

Strengthening Security Across Distributed Kubernetes Clusters

Sicredi, Brazil's largest credit union, leverages Cilium to reduced operational and maintenance complexity while increasing performance across clouds and on premise.

Watch the Talk
form3 office building

Building a Resilient Payments Platform with Cilium

Form3 integrated Cilium into their platform as their primary solution for networking, security, and observability, enabling them to meet their FPS gateway business requirement of seamlessly switching between data centers without any downtime.

Read The Case Study
Rabobank office building

Self-service, Zero Trust Network Security

Rabobank leverages Cilium to enable zero-trust networking, significantly improving the security and enabling self-service in their financial API platform.

Read The Case Study

Cilium’s Solutions for Financial Services

Transparent Encryption

Elevate compliance and lower risk with Cilium transparent encryption. With just one switch, no application changes, service meshes or additional proxies

Learn more

Network Policy

Maintain identity based policies effectively at scale with Cilium’s advanced network polices

Learn more

Egress Gateway

Present a group of cloud native workloads from a stable IP address to integrate with traditional firewalls

Learn more