Aspen Mesh sponsored this post.
Last year was challenging for data security. In the first nine months alone, there were 5,183 breaches reported with 7.9 billion records exposed. Compared to mid-year 2018, the total number of breaches was up 33.3%, and the total number of records exposed more than doubled, up 112%. Data for the year 2020 so far agree with these trends, with the biggest cyber resilience pitfalls including gaps in protection, lowered detection rates, longer breach impacts, and increasing exposure of customer data.
This tells us that despite significant technology investments and advancements, software security still has significant gaps. A missed patch or misconfiguration can let the villains in to wreak havoc or steal data. For companies moving to the cloud and the cloud native architecture of microservices and containerized applications, it’s even harder. In addition to the perimeter and the network itself, there’s a new network infrastructure to protect: the myriad connections between microservice containers.
With microservices, the attack surface grows with every additional service and every connection between services, putting data at greater risk. In addition, network-related problems such as access control, load balancing and monitoring, which had to be solved once for a monolithic application, now must be handled separately for each service within a cluster. In short, there is more room for breaches.
Traditionally, network security has been based on having a strong perimeter to help thwart attackers, commonly known as the moat-and-castle approach. With a secure perimeter constructed of firewalls, you trust the internal network by default, and by extension anyone who is already inside it. Unfortunately, this was never a reliably effective strategy. More importantly, it is becoming even less effective in a world where employees expect access to applications and data from anywhere, on any device. And a perimeter does nothing against insider threats, which most security professionals rank among the highest threats to the data companies protect; that gap has driven much of the work on new ways to address these challenges.
In 2010, Forrester Research coined the term “Zero Trust” and overturned the perimeter-based security model with a new principle: “never trust, always verify.” That means no individual or machine is trusted by default from inside or outside the network. Another Zero-trust precept: “assume you’ve been compromised but may not yet be aware of it.” With the time to identify and contain a breach running at 279 days in 2019, that’s not an unsafe assumption.
Starting in 2013, Google began its transition to implementing Zero Trust into its networking infrastructure with much success and has made the results of their efforts open to the public with BeyondCorp. Fast forward to 2020, and the plans to adopt this new paradigm have spread across industries, largely in response to massive data breaches alongside stricter regulatory requirements.
In order to meet these demands and challenges head-on in 2020, 53% of cybersecurity decision-makers are planning to move to Zero-trust access capabilities. And who can blame them?
Security is the most critical part of an application to implement correctly. Fortunately for those using microservices, a service mesh allows you to handle security in a more efficient way, by combining security and operations capabilities into a transparent infrastructure layer that sits between the containerized application and the network. Emerging today to address security in this environment is the convergence of the Zero-trust approach to network security and service mesh technology.
Here are some examples of attacks that a service mesh can help to mitigate:
So how can the tenets of Zero-trust security and a service mesh enable Zero Trust in the microservices environment? And how can Zero-trust capabilities help organizations address and demonstrate compliance with increasingly stringent industry regulations?
While there are plenty of Zero-trust networking solutions available for protecting the perimeter and the operation of corporate networks, there are a huge number of connections within a microservices environment that require protection. Fortunately, within Kubernetes clusters a service mesh can provide critical ways to implement and manage encryption, authentication, authorization, policy control and configuration.
Here are a few ways to approach enhancing your security with a service mesh:
A service mesh also adds controls over traffic ingress and egress at the cluster edge. What each caller is allowed to do is governed by role-based access control (RBAC) policies tied to the cryptographic identity of the calling workload rather than to its network location. With these controls, the Zero-trust philosophy of "trust no one, authenticate everyone" stays in force by providing enforceable least privilege access to services in the mesh.
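As a concrete illustration of the encryption, authentication and authorization controls described above, here is an added example (not configuration from the original post or from any particular vendor) written for an Istio-compatible service mesh, which is an assumption; the post does not name a specific mesh. The namespaces, service account and paths (`payments`, `shop`, `checkout`, `/charge`) are hypothetical. It enforces mutual TLS for every sidecar-to-sidecar connection, denies all traffic to a namespace by default, and then grants one caller one operation:

```yaml
# Mesh-wide: reject any plaintext or one-sided TLS connection between sidecars,
# so every request carries a verifiable workload identity (SPIFFE-style certificate).
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system        # the root namespace, so this applies to the whole mesh
spec:
  mtls:
    mode: STRICT
---
# Namespace default: an AuthorizationPolicy with an empty spec matches every
# workload in "payments" and denies all requests until an explicit ALLOW rule matches.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: payments             # hypothetical namespace
spec: {}
---
# Least privilege: only the "checkout" service account in the "shop" namespace
# may reach the payments API, and only for POST /charge. (All names hypothetical.)
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-checkout-to-payments
  namespace: payments
spec:
  selector:
    matchLabels:
      app: payments-api           # hypothetical workload label
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/checkout"]
    to:
    - operation:
        methods: ["POST"]
        paths: ["/charge"]
```

Two points a practitioner should check before relying on this. First, the `principals` field only means something because the STRICT mode above makes the client certificate mandatory; if peer authentication were left PERMISSIVE, a plaintext caller would present no identity and the ALLOW rule could never match it, but any other workload would also be able to reach services that have no policy at all. Second, ordering matters: the mesh evaluates DENY policies before ALLOW policies, and a request that matches no ALLOW rule in a namespace that carries the empty-spec policy is rejected, which is the deny-by-default posture Zero Trust calls for.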
Service mesh providers can help organizations achieve a Zero-trust security posture by applying these concepts and features. Particularly, enterprise- and production-ready service meshes that extend capabilities to address enterprise security and compliance needs can also provide a user interface and dashboard that make it easier to deploy, monitor and configure these features.
If you’re interested in learning more about how these features, concepts, and service mesh can help you achieve Zero-trust security, check out this free white paper.
Feature image via Pixabay.