On-Prem Case Study

Orange Business

Enhancing security and compliance in a sovereign cloud environment
Orange Business

Orange Business is a global technology company that helps companies achieve their business goals, regardless of the type of cloud solution they want. With more than 20 years of experience in delivering secure and stable operation of business-critical solutions for large Norwegian customers. Orange Business uses reliable and innovative methods to give customers a competitive advantage.

icon
Company size 1001-5000 employees
icon
Industry Telecommunications & Cloud Services

Security and Compliance for Sovereign Cloud

The Challenge

Operating in a sovereign cloud environment, Orange Business needed a way to ensure continuous security and compliance for its containerized applications without sacrificing agility or developer productivity.

Orange Business wanted to avoid misconfigurations, exposed secrets, and unpatched container images, which posed potential risks. To deal with these they used manual checks, which are error-prone and time-consuming. As the team increasingly adopted GitOps with ArgoCD, they sought a solution that could tightly integrate with their CI/CD pipeline and provide actionable insights.

The Solution

Orange Business implemented the ARMO Platform, an enterprise-grade security and compliance solution built on the open-source Kubescape, now a CNCF incubating project. Unlike typical scanners, ARMO combines vulnerability detection with misconfiguration checks, providing holistic visibility into Kubernetes clusters and containerized applications.

ARMO was deployed on-premises to meet sovereign cloud requirements – an architecture few tools can support out-of-the-box.

In addition to internal use, Orange Business offers ARMO Platform as the default security solution for its Managed Kubernetes Service (MKS) customers, extending the same level of protection, visibility, and compliance to their clients.

How It Works

The platform scans all cluster and containers components:

  • Container images for known CVEs
  • Configuration files for security best practices
  • Permissions, resource limits, and secrets for compliance gaps

ARMO’s Attack Path View prioritizes issues that could realistically be exploited—such as privilege escalation or denial-of-service vectors—helping security teams focus on what truly matters.

Real-World Impact

In a recent internal test, ARMO flagged several critical issues in a service deployment:

  • Database credentials stored in plaintext
  • Lack of resource limits
  • Unsigned container images
  • Superuser privileges
  • Privilege escalation not explicitly disabled

The team made the recommended fixes in Git and pushed the changes via ArgoCD. Within minutes, the updated service was deployed, and a re-scan confirmed improved compliance and fewer vulnerabilities.

Continuous Improvement, Built-In

ARMO is now integrated into Orange Business’s CI/CD process, supporting a DevSecOps approach where security is part of every deployment. Each scan informs incremental improvements, rather than overwhelming teams with endless checklists.

On-Premises Deployment

Supports sovereign cloud infrastructure with full data control.

Actionable Security Insights

Misconfiguration and vulnerability scans with clear remediation steps.

GitOps-Friendly

Easily integrates with Git workflows and tools like ArgoCD.

Compliance Frameworks Out-of-the-Box

Includes NIST, NSA-CISA, MITRE, and ARMO’s own stringent baseline.

Prioritized Risk View

Attack paths highlight exploitable weaknesses, not just theoretical ones.

Security is never finished, but ARMO makes continuous improvement simple and measurable.

image icon
Erlend Hoel Senior Systems Engineer, Orange Business

ARMO doesn’t just point out problems – it gives human-readable recommendations we can apply directly in our Git repos.

author label
Erlend Hoel Senior Systems Engineer, Orange Business
logo

Watch a Demo

Watch Now
slack_logos Continue to Slack

Get the information you need directly from our experts!

new-messageContinue as a guest