Software Defined Security Decoupled from Network and Infrastructure

By: Maria Bledsoe 11.21.2018

Multi-cloud, hybrid cloud, and multi-technology stacks place significant demands on security that cannot be met with network-centric solutions. Security enforcement, whether in middleboxes or distributed in hosts, often based on IP addresses and port numbers, tunnels, and traffic tromboning, is falling apart under the weight of requirements for dynamic, scale-out workloads spread across clouds and administrative domains.

Aporeto is introducing a radical yet simple approach based on cryptographic application identities and end-to-end authentication and authorization. This application-centric model completely decouples security from the network and the infrastructure and dramatically reduces operational costs both for security and the network itself.

In this proof of concept, we will demonstrate access control capabilities at L3-L7 without the added complexity of tunnels, IP addresses, and gateways, across multi-cloud and hybrid cloud environments and across traditional workloads and containerized environments, scaling to thousands of applications. These capabilities are driven by a sophisticated and enterprise-ready policy infrastructure based on hierarchies and delegation of authority. Furthermore, we will demonstrate the depth of analytics capabilities by deeply correlating the security characteristics of workloads to their network security posture.
