What is Zero Trust Security?

Zero trust is a security model (originally defined by Forrester) that trusts no person or system inside or outside of your network, verifies before establishing trust, and grants only the minimal access needed to complete a particular function. Public cloud infrastructure, SaaS, personal devices used for corporate work, and microservices architecture all change the surface area for risk, hence the need for a zero trust model.

Traditional security practices focused on securing the perimeter to keep threats outside of your corporate network and prevent access. Yet even with a secure perimeter, internal systems and data are compromised if a malicious actor gets in or another internal system has a vulnerability. Visibility is critical for monitoring ongoing network traffic, auditing, and inspecting for any anomalous activity.

Why choose Solo.io to bring zero trust security to modern apps

Solo.io’s Gloo Mesh and Gloo Edge can help you secure your APIs by enhancing open source Istio and Envoy Proxy. By default, basic open source distributions of Istio and Envoy don’t go far enough to deliver features needed for comprehensive security. Encryption alone isn’t enough, and if you use pure open source you inherit the burden of developing and maintaining missing security features forever.

Solo adds comprehensive security controls to your service mesh and API gateways, giving you the capabilities you need and confidence that your environment is as secure as possible.

Control ingress and egress traffic at the edge

With untrusted traffic from external sources coming in over the internet, you’ll need tools to protect your applications and sensitive data. Rate-limiting can stop denial-of-service attacks while a web application firewall can screen out other malicious requests.

Authenticate, authorize, and encrypt all connections

The main point of zero-trust is that every connection should be validated before being allowed. Integration with your existing external authentication and authorization servers is an essential function of service mesh and API gateways. Use mTLS encryption to protect data-in-motion on all connections.

Federate security policies and management

Keep your modern applications safe with common security policies enforced consistently everywhere. Roll out new policies and patches with no-interruption updates, get 24-hour CVE fixes, and have them backported up to four versions.

Monitoring, logging, & tracing

Monitor all requests and log them for auditing and forensics. You’ll need to be able to observe traffic in real time and review historical activity. Export metrics, trace connections, and review reports with Prometheus, Grafana, Sysdig, Datadog, Splunk, and other operational analytics and security tools.

Limit access to resources

Use granular role-based access controls and delegation to limit which users and applications have permissions to resources and management tools.

Secure builds

Basic open source distributions of Istio and Envoy Proxy don’t comply with industry standards and regulations such as FIPS 140-2. Solo offers a FIPS-ready build so you know you’ll be able to meet the requirements.

See our infographic summarizing key capabilities you need to implement zero-trust security with a service mesh.

Security is a team sport

While not strictly a security feature of gateways and service meshes, one important consideration is the availability of enterprise support and defined service-level agreements (SLAs) for response. Community support for open source software by itself doesn’t meet the requirements for production deployments, so you need a vendor on standby to help you out. Inevitably there will be issues, and when a CVE (Common Vulnerabilities and Exposures) incident is discovered, it is reassuring to know that someone can quickly patch your code and even backport the fix to older versions if you haven’t kept up with the rapid pace of new releases.

How to Videos

Watch videos about implementing zero trust security

How do I secure my API gateway?
How do I secure workloads with a service mesh?

Additional Zero Trust Security Resources

Block Log4Shell attacks with Gloo Edge
How Service Mesh Enables a DevOps Revolution
Security at Scale with Gloo Edge
How to configure zero trust Authn/Authz with Istio
Guest blog: How Snyk is normalizing authentication strategies with Gloo Edge
Bridging a Prometheus Authentication Gap with Gloo Edge Transformations
Performance Tuning for ExtAuth using OPA
The value of production LTS support: zero-day response to Istio CVEs
Solving a Real-World Information Leakage Problem with WebAssembly and Gloo Edge