The Value of Application Identity

By: Amir Sharif 03.20.2019

What is Application Identity?

An ‘application identity’ is the account that is used to run an application. The identity can be that of the user that is currently logged on (the interactive user), the user that launched the server, a specified user, or a service. These days, applications are at the core of business transformation. The speed of innovation is driving an ever-increasing need for cloud native infrastructure, application architecture, and new development methodologies.

IT Continues to Evolve

Currently, the evolution wave is driven by a mass migration to cloud infrastructure and the adoption of microservices architecture. Unless your company is a startup without any previous “IT debt,” you are invariably integrating the cloud and microservice-based applications into your existing “brownfield” environment.

The question should not be whether your security technologies and practices are evolving as fast as IT, because it should be clear that they are not. Without the appropriate security measures, the very cloud and microservices innovations that you are adopting to propel your business forward may create risks that could expose your most confidential data and inevitably cause problems for the business.

The Role of Zero Trust Security

To achieve a strong application identity, you must have Zero Trust security, which is an IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter. No single specific technology is associated with Zero Trust; it is a holistic approach to network security that incorporates several different principles and technologies.

Zero Trust security for microservices, containers and cloud works through the transparent generation of strong application identity. This identity is used for authenticating and authorizing application component interactions within those environments, to user interfaces, and to external services. Aporeto’s approach, analogous to two-factor authentication for user interfaces, allows enterprises to securely continue their journey to the cloud and adopt more agile microservices while leveraging their existing, brownfield infrastructure without compromising it.

One may attempt to extend existing infrastructure security and segmentation techniques to the evolving cloud and microservices space, but this earnest attempt simply ignores the realities of the public cloud and the Zero Trust posture that it would be wise to adopt. The ideal security posture is to protect workloads and their interactions with strong contextual identity that feeds an automatable, scalable policy engine.

With application identity, security professionals can put the things they are tasked with protecting back at the center of their security strategy. For more information on why cloud security requires a strong application identity, read our technical brief here.
