The Istio open source project has launched the service mesh concept into the forefront of cloud and microservices architecture conversations and is having a profound impact on future cloud and container technology platform decisions. Istio service mesh is an open-source, community-driven effort designed to address the operational needs – observability, load-balancing and canary deployments – of deploying microservices at scale. Istio also introduces interesting security potential into containerized environments that are otherwise expensive and complex to develop from scratch, with the promise of enabling encryption (mutual TLS) across all applications, associated PKI logic for TLS and powerful API-layer authentication and authorization capabilities. While Istio is promising in concept, it is still evolving, and time will tell how enterprises will choose to consume it as part of public cloud, PaaS and IaaS environments. And to get full value from the security potential that Istio will eventually offer, it is prudent to deploy Istio along with a comprehensive, distributed microservices security layer.
To address this opportunity, we are excited to offer qualified design partners access to the beta of Aporeto for Istio. Aporeto’s comprehensive microservices security platform and multi-platform application segmentation solution provides a unique security policy overlay for Istio. Aporeto for Istio combines easy and intuitive policy definition, distribution and enforcement with native Istio integration and enforcement. It helps development and security teams define Istio security policy, provides comprehensive visibility across all applications in the environment and provides a uniform security layer that extends from Istio to legacy applications.
Aporeto support for Istio provides the following benefits in an Istio environment:
- Powerful and intuitive Istio authorization policy creation and management that leverages Envoy proxy for enforcement through an Aporeto Mixer adapter.
- Uniform security policy across heterogeneous environments, so that your Istio service mesh environment can securely integrate with other Kubernetes, virtualized and even non-containerized workload environments and external APIs.
- Enforcement of security policies in multi-cluster Istio environments to support customer applications that require geo-redundancy or environmental segregation.
- End-to-end visibility and auditability for your application communications across service mesh and non-service-mesh environments, helping with security compliance.
- Security vulnerability management, threat detection, behavioral profiling, security auditing, alerting and orchestration in Istio environments.
If you would like more information or to get involved as a design partner in the beta of Aporeto for Istio, please give us a little information about yourself and we’ll be in touch shortly.