Guest Post: Securing the Foundation of Dynamic Data Governance at Velotix
At Velotix, we take pride in being a cutting-edge, AI-driven data governance platform. We provide organizations with the tools they need to govern structured and unstructured data dynamically and securely. As a platform that prioritizes security at every level, we’ve committed to exceeding the industry’s highest standards.
Our journey towards achieving a zero-vulnerability platform led us to adopt innovative solutions like Chainguard Images, ensuring that we maintain a trusted environment for our clients to access, analyze, and govern their data securely.
Balancing Innovation with Security
Velotix operates a high-scale system composed of various advanced services, such as Kafka for queuing, OpenSearch for indexing, and Superset for business intelligence (BI). This diversity allows us to provide an all-encompassing solution, but comes with a critical challenge: ensuring the security of every component within our platform.
As part of last year’s roadmap, we set an ambitious goal to achieve zero vulnerabilities across our entire platform and stack, from our core services to third-party libraries. This decision stems from our unwavering commitment to meeting CISO standards, maintaining client trust, and adhering to stringent production release SLAs.
However, our initial approach to mitigating vulnerabilities — relying on updated service provider images and upgrading dependencies — fell short. While these updates often resolved known vulnerabilities, we continued encountering low-severity common vulnerabilities and exposures (CVEs). At Velotix, we treat low-severity CVEs with the same urgency as critical ones. Alongside these low-severity CVEs, vendor-provided images often also contain critical-level vulnerabilities, because image updates are typically tied to application-level changes rather than to fixes in the underlying OS packages. Chainguard addresses this challenge by recompiling its images on a regular schedule, ensuring that infrastructure-level libraries are always up to date with the latest versions. This proactive approach significantly reduces the risk of unpatched vulnerabilities making their way into production.
The Struggle with Conventional Approaches
Before adopting Chainguard, our initial approach to reducing vulnerabilities was typical of many organizations: upgrading versions in our Java applications or switching to newer image tags provided by service vendors. While logical at first glance, this strategy quickly revealed its limitations. Even the latest image tags often contained at least one low-severity vulnerability — if not also critical- and high-severity vulnerabilities — which service providers tended to deprioritize.
At Velotix, however, our philosophy considers every vulnerability — regardless of its severity — a potential risk to production. For us, a low CVE carries the same priority as a critical one because even minor vulnerabilities can compound into significant issues if left unaddressed. This approach created a frustrating cycle: updating images only to discover new vulnerabilities that required further remediation. It consumed valuable engineering time, delayed production releases, and ultimately left us short of our goal to deliver a truly zero-vulnerability platform.
Additionally, this approach created friction with our customers, particularly their CISOs, who expressed concerns over even low-severity vulnerabilities in our deliverables. These pushbacks led to repeated reassessments and prolonged remediation cycles, further straining our timelines and eroding confidence in our ability to meet compliance and security expectations.
Chainguard’s Security-First Approach: Building a Secure and Scalable Future
When we discovered Chainguard, it felt like the missing piece of the puzzle for Velotix’s security goals. Chainguard’s built-from-source secure images were an immediate improvement for us, eliminating 100% of the vulnerabilities in our platform’s widely used services and giving us a solid foundation to build upon.
Chainguard Images have been a game-changer for Velotix, empowering us to transform our approach to security while staying focused on innovation. By achieving a zero-vulnerability platform across all services, we’ve set a new standard for trust and reliability in data governance. Gone are the days of chasing vulnerabilities after deployment — Chainguard’s secure-by-default images have allowed us to address issues at their root, saving time and resources.
Regulatory compliance, once a labor-intensive process, is now streamlined and straightforward. Whether it’s GDPR, HIPAA, or industry-specific standards, Chainguard Images ensure that our infrastructure not only meets, but often exceeds requirements. This gives us the confidence to engage with clients in highly regulated sectors, providing them with the assurance that their data is in safe hands.
Perhaps the most significant benefit we’ve seen is the shift in mindset among our engineering teams. Instead of being bogged down with vulnerability remediation, they’re now free to focus on creating new features and capabilities that enhance our platform’s value. This boost in productivity has accelerated our release cycles, ensuring that we remain at the forefront of innovation in the data governance space.
Moreover, Chainguard’s flexibility has been instrumental in addressing the diverse needs of our platform. We’ve been able to scale our security practices as our platform has evolved, allowing us to reinforce our position as a cutting-edge solution provider, delivering seamless and secure governance capabilities to our clients.
At its core, Chainguard has helped us strengthen the trust our clients place in us. By proactively tackling vulnerabilities and building a secure foundation for our platform, we’ve demonstrated our unwavering commitment to safeguarding their data while enabling them to unlock its full potential.
Trust as a Cornerstone of Innovation
At Velotix, security is not just a requirement — it’s a promise. Our journey to Chainguard has not only helped us achieve a zero-vulnerability platform, but also redefined how we approach security as an enabler of innovation. With Chainguard, we’re confident in our ability to provide clients with a secure, scalable, and dynamic data governance platform that meets the demands of today’s complex data ecosystems.
Looking ahead, we believe that security and trust will remain at the heart of every successful technology. By integrating Chainguard into our processes, we’re future-proofing our platform and setting a new benchmark for excellence in data governance. Together, we’re building a future where innovation thrives on a foundation of trust and security.