- Use Cases
- What is Zero Trust Security?
What is Zero Trust Security?
Zero trust is a security model (originally defined by Forrester) that includes not trusting any person or system inside and outside of your network, verifies before establishing trust, and grants only the minimal access needed to complete a particular function. Public cloud infrastructure, SaaS, personal devices for corporate use, and microservices architecture all change the surface area for risk, hence a zero trust model.
Traditional security practices focused on securing the perimeter to keep the threats outside of your corporate network and prevent access. Yet even with a secure perimeter, internal systems and data are compromised if a malicious actor gets in or another internal system has a vulnerability. Visibility is critical to monitor ongoing network traffic, auditing, and to inspect for any anomalous activity.
Why choose Solo.io to bring zero trust security to modern apps
Solo.io’s Gloo Mesh and Gloo Edge can help you secure your APIs by enhancing open source Istio and Envoy Proxy. By default, basic open source distributions of Istio and Envoy don’t go far enough to deliver features needed for comprehensive security. Encryption alone isn’t enough, and if you use pure open source you inherit the burden of developing and maintaining missing security features forever.
Solo adds comprehensive security controls to your service mesh and API gateways, giving you the capabilities you need and confidence that your environment is as secure as possible.
Securing your environment with comprehensive controls.
Why choose Solo.io to bring zero trust security to modern apps
Solo.io’s Gloo Mesh and Gloo Edge can help you secure your APIs by enhancing open source Istio and Envoy Proxy. By default, basic open source distributions of Istio and Envoy don’t go far enough to deliver features needed for comprehensive security. Encryption alone isn’t enough, and if you use pure open source you inherit the burden of developing and maintaining missing security features forever. Solo adds comprehensive security controls to your service mesh and API gateways, giving you the capabilities you need and confidence that your environment is as secure as possible.
Managing consistent security policies across multiple environments.
Control ingress and egress traffic at the edge
With untrusted traffic from external sources coming in over the internet, you’ll need tools to protect your applications and sensitive data. Rate-limiting can stop denial-of-service attacks while a web application firewall can screen out other malicious requests.
Authenticate, authorize, and encrypt all connections
The main point of zero-trust is that every connection should be validated before being allowed. Integration with your existing external authentication and authorization servers is an essential function of service mesh and API gateways. Use mTLS encryption to protect data-in-motion on all connections.
A simple filter chain to control ingress traffic to an API.
Federate security policies and management
Keep your modern applications safe with common security policies enforced consistently everywhere. Roll-out new policies and patches with no-interruption updates, get 24-hour CVE fixes, and have them back ported up to four versions.
Monitoring, logging, & tracing
Monitor all requests and log them for auditing and forensics. You’ll need to be able to observe traffic in real-time and review historical activity. Export metrics, trace connections, and review reports with Prometheus, Grafana, Sysdig, Data Dog, Splunk, and other operational analytics and security tools.
Centralized observability for traffic between services.
Limit access to resources
Use granular role-based access controls and delegation to limit which users and applications have permissions to resources and management tools.
Secure builds
Basic open source distributions of Istio and Envoy Proxy don’t comply with industry standards and regulations such as FIPS 140-2. Solo offers a FIPS-ready build so you know you’ll be able to meet the requirements.
See our infographic summarizing key capabilities you need to implement zero-trust security with a service mesh.
Security is a team sport
While not strictly a security feature of gateways and service meshes, one important consideration is the availability of enterprise support and defined service-level agreements (SLAs) for response. Community support for open source software itself doesn’t meet the requirements for production deployments, so you need a vendor on standby to help you out. Inevitably there will be issues and when a CVE (common vulnerabilities and exposures) incident is discovered, it is reassuring to know that someone can quickly patch your code and even backport the fix to older versions if you haven’t kept up with the rapid pace of new releases.
