Nirmata, the Kubernetes-native policy management engine

Nirmata’s Kyverno is an open source Kubernetes-native policy engine that enables developers to deploy and manage security and automation policies on containerized application clusters. Nirmata’s commercial offering, called Policy Manager for Kyverno, extends the solution to provide a single management plane for policies across multiple clusters, simplifying the work involved in ensuring that app development services align with DevOps compliance requirements.

Kubernetes adoption is growing steadily as companies take advantage of the business value that microservices provide, such as higher availability and faster development cycles. About 75% of enterprises already use some form of Kubernetes, and the $7.5 billion market is projected to grow with a compound annual growth rate of over 25%. 

The advantages of Kubernetes come with some trade-offs, including increased complexity in the management of infrastructure, security, and other orchestration requirements. For instance, there is a significant increase in compute overhead to run policies that govern how a cluster behaves, to ensure that applications remain secure, to maintain a certain level of service and performance, and to enforce restrictions on resource consumption.

Policies were partially addressed on the security front by Kubernetes PSP. But that solution was deprecated earlier this year, leaving a vacuum in the marketplace that Kyverno is filling. Rapid adoption of Kyverno bodes well for Nirmata’s ability to scale and grow. For example, there were more than 5 million downloads of Kyverno in the first half of 2021, and the project has more than 1,000 GitHub stars.

Kyverno facilitates the configuration of Kubernetes clusters by streamlining the development of network policies, resource usage, access control, and security.

The open source version of Kyverno provides security, APIs, and data access tools that enable developers to deploy and manage security and automation policies on a single cluster. The commercial version, Policy Manager for Kyverno, extends its functionality to deliver multi-cluster policy management for Kubernetes.

Nirmata’s commercial offering includes curated policy packs that are portable across domains, enabling users to quickly deploy and configure policies. It also supports GitOps workflows for continuous integration, which helps developers leverage Git repositories and pull models to manage and deploy policies.

Nirmata also features enterprise-level security, including OIDC/SAML and RBAC, and customizable notifications that alert teams when there are policy violations. Reports can be shared easily, and the software provides remediation recommendations for violations, which reduces the time spent on troubleshooting.

The main competition for Nirmata’s Kyverno is Styra’s Open Policy Agent (OPA), which relies on developers learning Rego, a domain-specific language. Unlike OPA, Nirmata’s solution is much easier to adopt and onboard because Kyverno policies are Kubernetes resources that developers are already familiar with.

For these reasons and more, Next participated in Nirmata’s $4 million pre-series A funding round. Nirmata’s co-founders have a deep understanding of the Kubernetes marketplace – gained from more than eight years of helping companies with containerization and cloud orchestration. They also have experience working with large cloud solution providers. CEO Jim Bugwadia has experience at Cisco and Pano Logic. Ritesh Patel worked at Brocade and Nortel. And Damien Toledo has experience at NetScout Systems.

Some powerful Nirmata enhancements are also under development. One of those is policy configurations that map to mainstream regulatory compliance standards, such as SOC2 or PCI. Nirmata also will enable policy creation for Kubernetes use cases, such as 5G, edge, and machine learning workloads. A 14-day free trial of Policy Manager for Kubernetes is available for download.

Andy Duong is an investor with Samsung Next. Samsung Next's investment strategy is limited to its own views and does not reflect the vision or strategy of any other Samsung business unit, including but not limited to Samsung Electronics. 
