Compliant Kubernetes Service

Get the scalable power of Kubernetes in a secure cluster

Get Started

The Datica promise brought to a
Kubernetes service

If you're working within a regulated industry like healthcare, you have almost zero options when it comes to using Kubernetes — either you manage the control plane, the operating system and the underlying infrastructure to maintain the flexibility required for compliance, or you risk falling out of compliance by using an existing managed service. Datica changes all of that.


Complete Kubernetes compliance

CKS is a compliant managed Kubernetes service for regulated industries. In addition to managing the cluster control plane, CKS configures the underlying operating system and instances, and installs, configures, and manages a set of deployments required to achieve compliance.

icon-check-circle Created with Sketch.

The most secure Kubernetes cluster available

Deployments include logging, monitoring, intrusion detection, antivirus software, and more. In addition to the technical configuration, Datica assumes the liability for the complete stack within our BAA, something not available or possible with any other managed Kubernetes offering. CKS functions like any other Kubernetes cluster—but one that comes pre-configured for compliance and security out of the box.

CKS illustration diagram with triangle art background

Core Compliance

With the underlying infrastructure, operating system, and control plane locked down, CKS delivers an experience that feels like a standard Kubernetes cluster, but one that gets you HIPAA, HITRUST CSF, GxP, GDPR and more, with no additional configuration or work on your end.

Operating System

CoreOS is a container-only linux distribution. Datica installs, maintains and patches CoreOS as the central operating system for all CKS clusters.

Container Runtime

CRI-O is the first and only container-runtime specifically designed for Kubernetes and can run containers built by Docker, as well as any other OCI compliant image builder.


CKS is configured with flannel and nginx-ingress for encrypting network traffic. These tools provide a mature, secure solution to networking with a healthy community of supporters.


Logging is a central component of managing compliance in the cloud. Datica deploys an Elasticsearch, FluentD and Kibana (EFK) stack with all clusters.


CKS ships with a Prometheus instance to handle cluster monitoring, specifically CoreOS’s prometheus-operator, with a Grafana dashboard for visualizing activity.

Vulnerability Scanning

Vulnerability scanning is performed centrally by Datica on all CKS clusters using Nessus.

Intrusion Detection

Datica uses Wazuh to help us detect intrusions. Alerts are sent directly to Datica’s security team for evaluation and handling, including direct customer notification as necessary.

Volume Backups

CKS will automatically backup all volumes contained in a cluster. These backups are encrypted and cross region replicated.


Security & Compliance Services

Datica is the industry leader for compliance on the cloud. We provide our CKS customers a suite of professional services that ensure their success on the cloud.

Cloud Native Security Consulting

Datica provides services to maximize your success with using Kubernetes in your cloud account, including specific training on the security and compliance implications of Kubernetes, containers, and microservices.

Cloud Compliance Onramp

We work closely with CKS customers to help them adapt their security and compliance policies to the cloud and CKS, as well help them make informed decisions about the non-CKS cloud services they want to leverage for their cloud workloads.

Cloud Compliance Training

Configuring, deploying, and managing cloud workloads requires new thinking, and new training and education. Datica offers cloud training services tailored to your organization and users, be they operators, compliance officers, or software developers.

Datica's shared responsibility model

With Datica’s Cloud Compliance Management System, we ensure both the cluster and the underlying infrastructure on your cloud account are secure and compliant to the highest standards across an ever-growing list of frameworks and regimes.

Shared ResponsibilityShared Responsibility Diagram

Customer Success

We were dying to use the cloud but were really stuck: We knew we wanted to use Amazon Web Services (AWS) but there were all these things we couldn’t do to make that work, like HIPAA compliant DevOps, HITRUST, and infrastructure security. Datica puts us in the situation where we can get back to our core competency because they handle everything we need to be able to use AWS.

David Deas
David Deas

Corporate Director, Innovation and Knowledge Analytics

Methodist Le Bonheur Healthcare

A shared vision for the future of healthcare

Cordata Logo

Cordata Gains Compliance Confidence from Clients and Investors with Datica

We are seeking to build confidence with many stakeholders. When I mention Datica, I get nods of recognition and no more questions asked about infrastructure.

Gary Winzenread
Gary Winzenread
CEO and President
Zipnosis Logo

Zipnosis: Scalable, compliant integration with any EHR

They met our goals, and, along the way, we discovered that Datica shared our view about the next generation of healthcare integration.

Derek Rockwell
Derek Rockwell
Director of Engineering
Metabahn Logo

Metabahn: Digital Agency Identifies Solution to Healthcare Industry Barriers

Datica quickly became the only option for us.

Bryan Powell
Bryan Powell
Founder and CEO

Schedule a conversation to learn more about Datica Compliant Kubernetes Service.

The Datica team is helping us solve critical infrastructure and scaling problems faster and more competently than we can in-house.
Jon Pearce

Jon Pearce

CEO, Zipnosis