Use-Case Scenarios

See how teams across industries use KafkaGuard to enforce security policies, pass audits, and integrate compliance into their workflows.

Financial Services: PCI-DSS Compliance Across 12 Production Clusters

A financial services engineering team manages 12 production Kafka clusters that process payment card transactions. Regulatory requirements demand PCI-DSS compliance validation on every cluster.

Challenge: Manual compliance checks were taking two full-time engineers an entire quarter to complete across all clusters. Audit evidence was inconsistent and hard to reproduce.

Solution with KafkaGuard:

  • Ran kafkaguard scan --policy pci-dss against all 12 clusters in a single afternoon
  • Generated HTML compliance reports mapped to specific PCI-DSS controls (e.g., Requirement 4 for encryption in transit, Requirement 7 for access controls)
  • Identified 23 misconfigured ACLs and 4 clusters missing TLS enforcement
  • Provided auditors with reproducible, timestamped evidence for each control

Result: The team went from quarterly manual reviews to automated weekly scans, reducing compliance preparation time by over 90%.

DevOps Team: KafkaGuard in the CI/CD Pipeline

A platform engineering team needed to prevent insecure Kafka configurations from reaching production. Developers were provisioning new topics and clusters through Infrastructure-as-Code, but there was no security gate.

Challenge: Misconfigurations (open ACLs, plaintext listeners, missing authentication) were discovered only after deployment, leading to emergency remediation and delayed releases.

Solution with KafkaGuard:

  • Added kafkaguard scan --policy enterprise-default --format json --exit-code as a step in their GitHub Actions pipeline
  • Configured the pipeline to fail on any CRITICAL or HIGH severity findings
  • Developers received immediate feedback on security issues before merge

Result: Security issues are now caught at pull-request time instead of post-deployment. The team eliminated all production security incidents related to Kafka misconfiguration within the first month.

Security Team: SOC2 Audit Report Generation

An information security team needed to demonstrate SOC2 Trust Service Criteria compliance for their Kafka-based event streaming platform during their annual audit.

Challenge: The team had no automated way to map Kafka infrastructure configuration to SOC2 controls. They were manually documenting evidence in spreadsheets, which was error-prone and time-consuming.

Solution with KafkaGuard:

  • Used kafkaguard scan --policy soc2 --format html to generate audit-ready reports with control-level mapping
  • Scanned all staging and production clusters monthly, archiving results for the audit trail
  • Used JSON output to feed findings into their GRC (Governance, Risk, and Compliance) platform

Result: Auditors accepted KafkaGuard reports as primary evidence for Kafka-related SOC2 controls. The security team reduced audit preparation from 3 weeks to 2 days.

Get Started

These scenarios reflect common patterns we see across KafkaGuard users. To try it yourself: