Relying on IP addresses to secure applications in a cloud-native era is a terrible idea. On a Red Hat podcast, Aporeto co-founder Amir Sharif told host Chris Gregoire about the inadequacies of traditional network security for the cloud:
“Traditional network security is everything you’re familiar with. Think about East-West firewalls, access control lists, overlays. What they all have in common, is that they depend on IP addresses to provide the means by which they segment the network. IP addresses are like street addresses. They provide location information, not identity. The problem is that in the cloud, the location changes all the time, and that’s by design.”
Proper network security in the cloud-native era requires a foundational shift, from securing at the level of the IP address to securing at the level of workload identity. Everything is migrating to the cloud. We are seeing a grand transition from centralized, monolithic systems to distributed, containerized applications and microservices.
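To make the location-versus-identity distinction concrete, the following added example (not Aporeto's code, and not from the podcast) simulates an East-West rule written two ways: keyed by source IP and keyed by workload identity. It then walks through the two events the quote alludes to, the orchestrator moving a workload to a new address and that freed address later being handed to an unrelated workload. All workload names, addresses and the destination service are constructed values, and the identity is assumed to be attested out of band (for instance via mutual TLS) before the policy is consulted.

```python
"""Added example: IP-keyed vs identity-keyed authorization across a reschedule.

All workloads, IP addresses and service names below are constructed.
The 'identity' field is assumed to have been cryptographically verified
(e.g. an mTLS peer certificate) before the policy check is reached.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    identity: str  # verified workload name (constructed, e.g. "checkout")
    ip: str        # address assigned by the orchestrator right now (constructed)


# Traditional East-West rule: "allow 10.0.1.5 -> payments-db".
IP_ALLOW = {("10.0.1.5", "payments-db")}

# Identity-based rule: "allow workload 'checkout' -> payments-db".
IDENTITY_ALLOW = {("checkout", "payments-db")}


def ip_policy_allows(src: Workload, dst: str) -> bool:
    """Location-based decision: only the source address is consulted."""
    return (src.ip, dst) in IP_ALLOW


def identity_policy_allows(src: Workload, dst: str) -> bool:
    """Identity-based decision: the address is irrelevant to the outcome."""
    return (src.identity, dst) in IDENTITY_ALLOW


def simulate() -> dict:
    """Return each policy's decision at three points in the workload's life."""
    dst = "payments-db"

    # 1. Initial placement: checkout runs at the address the IP rule names.
    checkout_v1 = Workload("checkout", "10.0.1.5")
    # 2. The orchestrator reschedules checkout onto another node / address.
    checkout_v2 = Workload("checkout", "10.0.3.17")
    # 3. An unrelated workload is later assigned the freed address.
    stranger = Workload("batch-report", "10.0.1.5")

    return {
        "ip_before_move": ip_policy_allows(checkout_v1, dst),          # True
        "ip_after_move": ip_policy_allows(checkout_v2, dst),           # False: legitimate traffic blocked
        "ip_reused_by_stranger": ip_policy_allows(stranger, dst),      # True: unintended access inherited
        "id_before_move": identity_policy_allows(checkout_v1, dst),    # True
        "id_after_move": identity_policy_allows(checkout_v2, dst),     # True: policy follows the workload
        "id_reused_by_stranger": identity_policy_allows(stranger, dst),  # False
    }


if __name__ == "__main__":
    for phase, decision in simulate().items():
        print(f"{phase:24s} {'ALLOW' if decision else 'DENY'}")
```

The two failure modes in the IP-keyed column are the ones a defender should watch for: a reschedule silently breaking legitimate traffic (which tempts operators to widen the rule to a whole subnet), and address reuse letting an unrelated workload inherit a permission nobody granted it. The identity-keyed column is only as strong as the attestation behind `identity`, which is why this example assumes it is verified before the policy runs.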
As the move towards a digital world continues, enterprises have a greater responsibility to protect access to their data from bad actors. Security breaches are no longer a question of if but of when. When a breach does occur, the best option is to reduce risk by containing its blast radius.
Here at Aporeto, we have taken a unique approach to mitigating lateral attacks while allowing our customers to consume cloud, build cloud-native applications and improve application velocity. An IP-centric approach to security introduces an overwhelming amount of complexity and fails to establish a strong security posture. We believe security must be abstracted from IP infrastructure in order to address application segmentation requirements and improve your application risk posture.
Cloud-native is the future of software development, and using IP addresses to secure applications in the cloud-native era is already an outdated approach to network security. To learn more about cloud-native security and building strong application identity, read our technical brief here. It’s time to move away from legacy infrastructure.