www.tetrate.io Open in urlscan Pro
75.119.195.116  Public Scan

Form analysis
1 forms found in the DOM

GET https://www.tetrate.io/

<form role="search" method="get" action="https://www.tetrate.io/" class="search-form" data-hs-cf-bound="true">
  <input type="search" class="search-field" placeholder="Search..." value="" name="s" title="Search for:">
  <button type="submit" class="search-submit" title="Search">SEARCH</button>
  <input type="hidden" name="lang" value="en">
</form>

Text Content

This website stores cookies on your computer. These cookies are used to improve
your website experience and provide more personalized services to you, both on
this website and through other media. To find out more about the cookies we use,
see our Privacy Policy.

We won't track your information when you visit our site. But in order to comply
with your preferences, we'll have to use just one tiny cookie so that you're not
asked to make this choice again.

Accept Decline

GET DEMO
 * 


 * Products
   *  * Tetrate Service Bridge
        Application connectivity platform
        
        
        
         * Product Overview
         * Think in App SCOR
         * Benefits
         * FAQ
     
      * Tetrate Cloud
        Fully managed Tetrate Service Bridge
      * Tetrate Istio Subscription
        Enterprise-grade Istio
 * Documentation
 * Blog
 * Resources
   *  * Tetrate Academy
        Certification and free online courses
      * Tetrate Library
        Whitepapers, podcasts, guides and more
      * Zero Trust Architecture
        End-to-end application security
      * Free eBook: SkyWalking
        Your guide to observability at scale
      * Guides
        Learn more about products and technologies
        
        
        
         * Istio Service Mesh
 * Company
   *  * About Us
        The Tetrate chronicles
      * Partners
        Tetrate partner network
        
        
        
         * National Institute of Standards and Technology (NIST)
         * Amazon Web Services (AWS)
     
      * Events
        Webinars, conferences, and meetups
      * Careers
        We are hiring!
      * Open Source
        Our contributions and projects
      * Press
        Media coverage and announcements
      * Contact Us
        Get in touch and let’s talk
 * * 








Keep up with the latest from us

blog
Case studies


CASE STUDY: HOW FICO GOT ENCRYPTION AND PCI COMPLIANCE WITH ISTIO SERVICE MESH

December 21, 2020

Service mesh architecture provides a rich set of features for controlling and
securing communications among services. Encryption in transit is a feature that
will be critical for financial institutions and other industries working within
regulatory frameworks, including PCI, HIPAA, and others. 



For financial institutions moving to microservices-based architectures, they
must maintain their compliance with rapidly evolving regulations and industry
standards. FICO is a data analytics company best known for producing the most
widely-used consumer credit scores that financial institutions use in deciding
whether to lend money or issue credit. FICO has migrated several core
applications, including myFICO.com and its flagship analytics platform, the
Decision Management Suite (DMS), to AWS.

> FICO started using Istio and rolled it out on their data management platform
> in 2019. They had the internal expertise to move to Kubernetes workloads, but
> they had noticed performance issues and sought out Tetrate’s expertise to
> address the complexities of operationalizing Istio for PCI compliance. 


THE PROBLEM

FICO started to move from a monolithic architecture to using microservices, and
they needed to ensure that their new environment would maintain the same
standard of PCI compliance as their legacy infrastructure. 

PCI compliance mandates that all data is encrypted in transit and remains
encrypted when ‘at rest’ in databases. FICO’s engineering teams were well
skilled in Kubernetes but needed assistance to successfully implement the Istio
control plane in their environment that would enable the data encryption they
needed, including mutual TLS (mTLS) and certificate management and rotation.

FICO was already aware of the power of Istio and had started to implement it
within their environment before engaging with Tetrate. They knew that service
mesh would provide an easy, language-agnostic way to ensure all traffic is
encrypted in transit but wanted the knowledge and expertise that Tetrate could
provide to ensure that they were following industry best practices, and could
successfully operationalize mTLS at scale. 


THE SOLUTION

Tetrate was able to accelerate FICO’s move to microservices and use of Istio in
production by providing training and consulting on container security, Istio’s
security capabilities, and compliance. Tetrate supported FICO in securing their
workloads using mTLS, and expanded their knowledge of Istio to ensure that they
were able to operate independently as their environment and utilization of
microservices continued to grow. 

During the initial consultation phase as Tetrate were getting to know the FICO
environment, they discovered that FICO’s control plane performance was a major
issue. The setup they had for PCI compliance wasn’t optimized for resource
utilization – they were routinely using 160 pods to support their control plane.

In addition, FICO and Tetrate were able to work together on bridging the gap
between enterprise organizations and the Open Source community, by taking
existing issues and bugs that FICO had raised, and ensuring that they were
triaged and received the necessary attention to resolve the problems they’d
experienced. 

Tetrate is further working with FICO to move their egress from Squid to Envoy to
improve performance, resilience, and failover.


IMPACT

The impact of FICO’s partnership with Tetrate:

 * Encryption in transit (PCI Compliance) via successful implementation of Istio
 * Accelerated resolution of issues in community OSS
 * Unexpected Resource Optimization and Utilization Improvement
 * Foundation for success for migrating applications to microservices
 * Operational efficiency and infrastructure cost optimization
 * Knowledge transfer and domain awareness from industry experts

With assistance from Tetrate, FICO was able to reduce pod utilization by 90
percent by upgrading Istio and altering the load limits on Envoy sidecars.

The FICO and Tetrate partnership will have a long-lasting impact on the
business:

> “Thanks to Tetrate’s actionable recommendations, we’ve achieved significant
> improvements in all the areas we’ve sought to improve by adopting Istio: PCI
> compliance, resource utilization, and operational efficiency,” said FICO VP of
> Engineering Jeet Kaul. “Tetrate’s team has strong expertise, and with their
> support we look forward to extending service mesh to additional use cases.“

Tetrate content writers Eileen AJ Connelly, Tevah Platt, Sean O’Dell, and Tia
Louden contributed to this article.


AUTHOR(S)

 * Tetrate

Search
SEARCH
Subscribe to our blog




Categories
 * ABAC 1
 * Announcements 11
 * Apache SkyWalking 17
 * API Gateway 3
 * AWS 10
 * Careers 26
 * Case studies 9
 * CVE Fixes 5
 * Design 1
 * Envoy proxy & GetEnvoy 35
 * Events 23
 * Funding 1
 * GetIstio 1
 * Istio 62
 * Kubernetes 19
 * NGAC 3
 * Observability 13
 * Open Source 51
 * Remote Learning 1
 * Resiliency 1
 * Security 25
 * Service Mesh 50
 * Tetrate 80
 * Tetrate Service Bridge 11
 * Wasm 3
 * Zero Trust 6

Products
 * Tetrate Service Bridge
 * Tetrate Cloud
 * Tetrate Istio Subscription

Resources
 * Tetrate Academy
 * Tetrate Library
 * Zero Trust Architecture
 * Free eBook: SkyWalking
 * Blog

Company
 * About Us
 * Partners
 * Events
 * Careers
 * Open Source
 * Press
 * Contact Us

Copyright © Tetrate 2021. All rights reserved. Terms and Conditions and Privacy

X
Download the Special Report