Aporeto Showcases Security for Kubernetes and Istio
As this week’s KubeCon + CloudNativeCon 2019 conference got underway in San Diego, cloud security firm Aporeto underscored its support of workload verification that doesn’t rely on IP addressing. That is, Aporeto uses the concept of "workload fingerprinting" to authenticate users with a variety of metadata and analytics related to application behaviors, rather than to the network address.
The first new product is called Identity Federation for Kubernetes pods (a pod being the smallest addressable container for microservices in Kubernetes applications). It is being offered via subscribed software-as-a-service (SaaS) and will furnish what Aporeto calls “least privilege access to cloud credentials.” Aporeto also offers firewall and proxy-based security based on application policy.
Securing the Mesh
Aporeto also unveiled a plug-in called Envoy, which uses X.509 public key cryptography and OAuth authorization tokens to establish a federated identity setup between an enterprise that uses Istio and internal groups or third-party partners.
Istio is an open-source mesh approach to developing cloud applications that in turn works with the techniques of microservices, containers, and Kubernetes pods. System developers can deploy Aporeto’s Envoy as an option for Istio to boost the effectiveness of DevSecOps (the concept of unifying software developers, IT, and security experts, who typically used to function in organizational “silos”).
“Aporeto … ensures all [Istio] clusters are appropriately configured and offers an opportunity for enterprises to set up some safe [guardrails] while development teams learn to use the features of Istio,” stated Shea Stewart, a partner at Arctiq, in a prepared statement. Arctiq offers consulting and implementation services for digital transformation — the kind of undertaking many attendees at this week’s KubeCon will be exploring between nibbles of taco.
Security Foremost
Aporeto is hardly alone in trumpeting the importance of security for the technologies in use for digital transformation. Security is top of mind for cloud infrastructure vendors such as Citrix, which recently unveiled a complex architecture aimed at incorporating security across virtualized environments. And Futuriom has identified an emerging market for managed services based on secure software-defined wide-area networking (SD-WAN).
Other players, like Aporeto, are also focused on securing containerized cloud applications and platforms at a more granular level. Among these are Aqua Security, Stackrox, Tigera, and Twistlock, which are all among the sponsors at this week’s KubeCon + CloudNativeCon. Ole!