Company Overview

Yoti is a global leader in privacy-focused identity and age verification solutions, helping businesses and people build trust online and in the real world. Over the past 10+ years, Yoti’s market-leading technology has transformed how people verify their details, empowering people with more control over their data. Yoti is helping businesses worldwide to tackle global challenges like creating age-appropriate experiences, protecting young people online, reducing fraud and stopping deepfakes. With global experience across multiple industries - including social media, adult, retail, dating, gaming, gambling, and vaping - Yoti helps some of the world’s biggest brands to meet regulatory requirements, enhance platform safety, and build secure, seamless user experiences.

Challenge: Complex incompatibilities risking security and non-conformance 

Yoti was an early adopter of Kubernetes, having adopted it even before v1.0 was available. Yoti had an expert Cloud Operations team that supported latency-sensitive, mission-critical application services on a home-grown Kubernetes Platform. Yoti’s Platform spanned across on-prem data centers in the UK and cloud services by Amazon Web Services (AWS) in the UK, Dublin, the US, Australia, and Canada. All software teams at Yoti had to meet stringent compliance controls across multiple compliance frameworks (SOC 2, ISO 27001, ISO/IEC 27001:2022, GPG45, PAS 1296:2018, PASS, FSM). [Source: Yoti Security Page].

Yoti’s Platform comprised multiple layers: 1. Substrate (on-prem and cloud), 2. Kubernetes control plane, 3. Add-ons, and 4. Applications. There were inherent complexities, hidden dependencies, unknown incompatibilities, and breaking changes (across layers and across components). Moreover, each layer had its own unique release cycle, and the burden of staying ahead of EOL versions, avoiding incompatibilities, and validating that the Platform operated disruption-free with every new release was carried by Yoti’s Cloud Operations team. This work required tracking online communities for new versions or changes to support and compatibility policies, followed by meticulous coordination, research, and qualification to roll out new versions of the Platform.

Moreover, Yoti’s Platform supported hundreds of application services, with developers having varying levels of Kubernetes expertise. Yoti’s Cloud Operations team needed a consistent way to implement guardrails for application teams while ensuring that they were notified of nonconformance to the provided guardrails.

Yoti’s Cloud Operations team partnered with Chkk to uncover hidden dependencies and incompatibilities across hundreds of add-ons and Kubernetes versions, along with implementing guardrails for application safety, performance, and security.

Solution: Proactive notifications enabled compliance, avoid breakages and disruptions 

Yoti implemented Chkk’s Operational Safety Platform to:

• Helped Yoti ensure compliance by staying ahead of EOL versions – Chkk tracked EOL information across hundreds of Kubernetes add-ons and all major cloud providers. Yoti fully offloaded tracking of the EOL information to Chkk, thus receiving proactive alerts of upcoming EOL dates and avoiding non-compliant EOL software in staging and production environments.
  
• Avoided breakages and disruptions from incompatible versions and misconfigurations – As new versions were released, incompatibilities and misconfigurations emerged across many layers, including Application-to-Add-On, Application-to-Nodes, Add-on-to-Control Plane, Application-to-Control Plane (PDB, misconfigurations), Application-to-Control Plane (API Deprecations), Node-to-Control Plane, Add-on-to-Substrate (Cloud or On-prem), and Add-on-to-Add-on (e.g., Istio to Envoy). Chkk modeled compatibility and optimal configurations across hundreds of add-ons and multiple cloud substrates, offloading hundreds of hours of non-business-critical monitoring and automation.
  
• Increased availability and reduced complexity Learn from operational experiences of other teams – Yoti used Chkk’s Risk Ledger to gain early warnings about operational risks that had led to incidents, failures, and disruptions for other teams. Yoti’s applications had an extremely high bar for availability, and they used Chkk to save thousands of break-fix hours.

‍

"Chkk has allowed us to stay ahead of Kubernetes lifecycle challenges, significantly reducing operational overhead while ensuring compliance across multiple frameworks. By offloading version tracking and compatibility management, our team can now focus on strategic initiatives rather than firefighting upgrade issues." — Salman Khan, Team Lead, Yoti Cloud Operations.

Business Outcomes: Compliance, availability, and cost reduction 

By implementing Chkk, Yoti achieved significant operational and financial benefits:

• Improved operational efficiency – Cloud Engineering team freed up over 2,000 hours a year that would be used in building custom monitoring and automation solutions to track EOL and Compatibility information for Kubernetes substrates and add-ons running on Yoti’s Platform.
• Free up expert bandwidth – Cloud Operations team could focus on strategic initiatives rather than break-fix efforts.
• Higher compliance assurance – Timely upgrades ensured adherence to regulatory standards and mitigated non-compliance risks.‍
• Improved availability – Availability of the platform was improved as operational risks that caused incidents for other teams were reported and resolved proactively, before they caused disruptions for Yoti.

‍

"Managing Kubernetes at scale means dealing with hidden dependencies and evolving compatibility risks. Chkk’s Operational Safety Platform provides the intelligence and automation we need to proactively detect and mitigate misconfigurations, reducing break-fix hours and improving platform stability." — Gus Robinson, Platform Architect, Yoti Cloud Operations.

Takeaways: Reduce compliance risks, complexity, and costs

1. Chkk helps you manage Kubernetes complexity–Kubernetes’ unprecedented flexibility comes with inordinate complexity. A typical cluster has at least 20+ open-source add-ons with intricate dependencies and unique release cycles that must be managed by platform teams. Chkk does the heavylifting of Kubernetes add-on lifecycle management, so you don’t have to. 
2. Chkk offers insights on hundreds of common incidents – Traditional observability and troubleshooting tools are necessary but only detect issues after they occur. By leveraging Chkk’s Risk Ledger to learn from incidents in other environments, teams avoid repeating the same operational failures, preventing breakages and saving break-fix hours.‍
3. Chkk enables developers to focus on strategic initiatives – Each Kubernetes environment is unique, and building an internal safety framework is expensive and difficult to maintain. Chkk provides a centralized, always-updating knowledge base and proactive alerts, so teams don’t have to reinvent the wheel for each new risk or version upgrade.