As Aporeto continues to attract attention within the cloud security world, we find ourselves with more opportunities to explain ourselves. We also find new groups of experts examining and assessing what it is we do. Sometimes, this attention comes in the hottest form of digital media: the podcast.
To start centralizing and archiving our audio appearances, we have started our Aporeto Soundcloud page. Here, we will gather all podcasts where Aporeto is discussed, from our internal team as well as other media outlets.
To kick things off, we have three informative Aporeto-related recordings that address the state of today’s hybrid cloud security and key considerations for your organization’s cloud application migration strategy.
The first is a briefing from the leading networking and infrastructure engineering podcast, Packet Pushers. In this podcast episode, Ethan Banks, Author of Packet Pushers, does a fantastic job of outlining why Aporeto is such a unique cloud security solution.
Banks discusses microsegmentation, whitelisting and other key concepts in a solid and concise way. Then he explains the Aporeto stance that “securing workloads is a security problem of its own, not one to dump onto network infrastructure.” He goes on to explain why, “if you’re looking for security in your diverse application environment that does much more than simple L4 filtering, you need to consider Aporeto.”
The second audio appearance currently hosted on the Aporeto Soundcloud features our very own Dimitri Stiliadis, Aporeto Co-founder and CTO. Recently, at the O’Reilly Velocity AI Conference 2019, Dimitri delivered a keynote talk about Aporeto’s product philosophy. Afterwards, he and Thelen Blum, Aporeto’s Director of Product Marketing, discussed key takeaways from the show and how Aporeto is addressing several of these cloud security needs.
Dimitri reflected on an exciting conference, and said that he’d heard a ton of great discussions about scaling distributed systems and scaling infrastructure and, more specifically, about scaling the reliability of their infrastructure, particularly in relation to Kubernetes.
Thelen mentioned that many developers were very intrigued by the idea of getting rid of their SSH keys and offloading authorization and authentication. This was part of a bigger discussion about service mesh. “There is a healthy debate taking place about what the concept of a service mesh means,” said Dimitri, “and what approach should be taken to achieve certain goals.”
“By decoupling and offloading critical functions, whether it’s logging or load-balancing or (as in Aporeto’s case) security, then app development becomes simpler and potentially more secure. The debate is centered on where the boundary is; what should go inside the application code, and what should go outside. Some people believe that you should offload as much as you can; some people think with this you risk losing control.”
Whatever approach you take with service mesh, Dimitri stressed that Aporeto’s vision of security is the only one appropriate for the modern cloud era:
“The concept of identity should be at the core of the security of any distributed system. We shouldn’t do security in the cloud the same way we do it in an enterprise, behind a firewall and a closed network. We should have no logins, no passwords, no API keys. No more secrets at all. We can track a route of trust that is secure and scalable. Eliminate, simplify, delegate and automate: these should be the principles of security.”
Listen to the podcast to get more insights on the direction of cloud security from Dimitri.
In the third podcast, Dimitri Stiliadis, Aporeto CTO, provides detailed insights into what really happened during the Capital One data breach on July 30, 2019, which affected 106 million customers and applicants, making it one of the largest data breaches of a big bank. Dimitri explains the root cause of this breach: the exploitation of a well-known class of security vulnerabilities that arise when security relies on credentials and secrets.
He explains how the threat vector of lost public-cloud role credentials can become even worse if your organization has a hybrid cloud environment, allowing the attacker to access not only your VPC, but your corporate private network as well.
Dimitri states: “Your cloud is only as secure as the credential protecting it. The only effective and realistic way to limit access to metadata APIs is to completely rethink how you manage the distribution of credentials to applications and cloud workloads.”
Keep checking our Aporeto Soundcloud channel for the latest insights on Zero Trust hybrid cloud security solutions.