Use Case

Defense-in-depth for Kubernetes and containerized workloads, with consistent policy across multiple clouds, clusters and heterogeneous infrastructure. Aporeto provides Identity Federation for Kubernetes pods that is applicable to any cloud. Users can run their apps on any Kubernetes platform with least-privilege access to cloud credentials for their apps, realizing significant time and cost savings. For organizations using Istio, Aporeto offers an Envoy plugin that seamlessly extends all Aporeto capabilities into an Istio service mesh environment.

Problem Statement

Achieving higher deployment velocity is one of the major benefits of microservices architectures and automation. Often, applications deployed in a cloud-managed Kubernetes cluster depend on a legacy application deployed on-premises behind a North-South firewall. The only way to implement policies in such scenarios is to open the originating cluster IP address in the North-South firewall and define ingress/egress rules in the Kubernetes cluster that accept any traffic from the on-premises data center. These coarse-grained rules result in an unnecessarily large attack surface. For access control outside the cluster, Kubernetes network policies boil down to IP-based ingress and egress rules, and IP-based rules do not work well with dynamic microservices.

Customer Pain Points

Traditional perimeter security approaches have not adapted to Kubernetes, slowing adoption and creating security friction.

I have no way to secure K8s in production across multiple clusters, in multiple clouds, and with legacy VMs.

K8s breaks traditional security models and I don’t have the skill set to architect and manage it.

The Aporeto Solution


Accelerate Kubernetes deployments

Accelerate Kubernetes deployments by securing your cluster in minutes with automated security and SaaS delivery.


Consistent security policy

Multi-cluster and multi-cloud support, with no CNI dependency.



Complete Kubernetes security

End-to-end, defense-in-depth security for Kubernetes and containerized workloads.



Aporeto has given us an answer to having a consistent approach for securing workloads in our Kubernetes environment, our legacy network zones and across our public cloud services. It relieves us from further burdening an overly complex network and puts the most powerful security tools into the application teams’ hands.

Todd Wilson

Product Director, Enterprise DevOps, BC Developers' Exchange
