Aporeto, a leader in Zero Trust Cloud Security, today announced
new Kubernetes security capabilities. With this announcement,
Aporeto now offers Identity Federation for Kubernetes pods applicable to any
cloud. Users can run their apps on the Kubernetes platform of their choice and
let Aporeto's cloud-delivered security solution provide least privilege access
to cloud credentials for their apps, realizing significant time and cost
savings while being able to adopt cloud-native services faster.
For enterprise organizations using Istio service mesh to manage their containers,
microservices or Kubernetes container orchestration, Aporeto now offers an
Envoy plugin that seamlessly extends all Aporeto capabilities into an Istio
service mesh environment. Through x509 certificates and OAuth tokens, Aporeto
provides consistent identities to all workloads and enables identity federation
between a company's workloads and any third party. With Aporeto,
organizations can bring legacy services into Istio without any changes, and any
non-Istio service can become a consumer of the service mesh with no
code changes or operational configuration changes to the service. Additionally,
Aporeto provides extended Berkeley Packet Filter (eBPF) support for better
performance.
The company will be demonstrating the new Kubernetes identity federation and Istio
enhancements at the KubeCon conference in San Diego, Booth #S42, November 18-21.
Users can learn how to secure a Kubernetes cluster in under five minutes
with no dependency on CNI and no operational overhead of setting up another
tool.
"Most teams that Arctiq works with now have multiple Kubernetes clusters across many
environments. While teams today are interested in deploying Istio with every
cluster, ensuring a consistent configuration across all clusters is still a
difficult task," said Shea Stewart, partner at Arctiq. "Aporeto provides
a centralized control plane of Istio enforcement that ensures all clusters are
appropriately configured and offers an opportunity for enterprises to set up
some safe guardrails while development teams learn to use the features of
Istio."
"Managing cloud credentials is a big challenge for anyone building cloud-native apps. The recent
cloud-native breaches are the result of compromised cloud credentials,"
commented Dimitri Stiliadis, CTO and co-founder of Aporeto. "Our customers know
that allowing Kubernetes pods to securely consume cloud-managed resources means
that there is a high risk of unauthorized access to cloud credentials, and we
are here to solve this problem for them."