Aporeto Showcases Security for Kubernetes and Istio

Cloudhands

By: Mary Jander


As this week’s KubeCon + CloudNativeCon 2019 conference got underway in San Diego, cloud security firm Aporeto underscored its support of workload verification that doesn’t rely on IP addressing. Meaning, Aporeto uses the concept of "workload fingerprinting" to authenticate users with a variety of metadata and analytics that are related to application behaviors, rather than to the network address.

The first new product is called Identity Federation for Kubernetes pods (a pod being the smallest addressable container for microservices in Kubernetes applications). It is being offered via subscribed software-as-a-service (SaaS) and will furnish what Aporeto calls “least privilege access to cloud credentials." Aporeto also offers firewall and proxy-based security based on application policy.

Securing the Mesh

Aporeto also unveiled a plug-in called Envoy, which uses X.509 public key cryptography and OAuth authorization tokens to establish a federated identity setup between an enterprise that uses Istio and internal groups or third-party partners.

Istio is an open-source mesh approach to developing cloud applications that in turn works with the techniques of microservices, containers, and Kubernetes pods. System developers can deploy Aporeto’s Envoy as an option for Istio to boost the effectiveness of DevSecOps (the concept of unifying software developers, IT, and security experts, who typically used to function in organizational “silos”).

“Aporeto … ensures all [Istio] clusters are appropriately configured and offers an opportunity for enterprises to set up some safe [guardrails] while development teams learn to use the features of Istio,” stated Shea Stewart, a partner at Arctiq, in a prepared statement. Arctiq offers consulting and implementation services for digital transformation — the kind of undertaking many attendees at this week’s KubeCon will be exploring between nibbles of taco.

Security Foremost

Aporeto is hardly alone in trumpeting the importance of security for the technologies in use for digital transformation. Security is top of mind for cloud infrastructure vendors such as Citrix, which recently unveiled a complex architecture aimed at incorporating security across virtualized environments. And Futuriom has identified an emerging market for managed services based on secure software-defined wide-area networking (SD-WAN).

Other players too are focused, like Aporeto, on securing containerized cloud applications and platforms at a more granular level. Among these are Aqua Security, Stackrox, Tigera, and Twistlock, which are all among sponsors at this week’s KubeCon + CloudNativeCon. Ole!