Zero Trust Networking

Controlling access to microservices applications and data

What is Zero Trust Networking?

Zero trust is a security model (originally defined by Forrester) that does not trust any person or system inside or outside of your network, verifies before establishing trust, and grants only the minimal access needed to complete a particular function. Public cloud infrastructure, SaaS, personal devices for corporate use, and microservices architecture all change the surface area for risk, hence a zero trust model.

Traditional security practices focused on securing the perimeter to keep threats outside of your corporate network and prevent access. Yet even with a secure perimeter, internal systems and data are compromised if a malicious actor gets in or another internal system has a vulnerability. Visibility is critical for monitoring ongoing network traffic, auditing, and inspecting for any anomalous activity.

Security is a team sport

While not strictly a security feature of gateways and service meshes, one important consideration is the availability of enterprise support and defined service-level agreements (SLAs) for response. Community support for open source software by itself doesn’t meet the requirements for production deployments, so you need a vendor on standby to help you out. Inevitably there will be issues, and when a CVE (Common Vulnerabilities and Exposures) incident is discovered, it is reassuring to know that someone can quickly patch your code and even backport the fix to older versions if you haven’t kept up with the rapid pace of new releases.

Secure an API gateway

Secure a service mesh

Why choose Solo to bring zero trust security to modern apps

Solo’s Gloo Mesh and Gloo Edge can help you secure your APIs by enhancing open source Istio and Envoy Proxy. By default, basic open source distributions of Istio and Envoy don’t go far enough to deliver the features needed for comprehensive security. Encryption alone isn’t enough, and if you use pure open source you inherit the burden of developing and maintaining missing security features forever. Solo adds comprehensive security controls to your service mesh and API gateways, giving you the capabilities you need and confidence that your environment is as secure as possible.

Control traffic

With untrusted traffic from external sources coming in over the internet, you’ll need tools to protect your applications and sensitive data. Rate limiting can stop denial-of-service attacks, while a web application firewall can screen out other malicious requests.

Authenticate and encrypt

The main point of zero trust is that every connection should be validated before being allowed. Integration with your existing external authentication and authorization servers is an essential function of service meshes and API gateways. Use mTLS encryption to protect data in motion on all connections.

Federate security policies

Keep your modern applications safe with common security policies enforced consistently everywhere. Roll out new policies and patches with no-interruption updates, get 24-hour CVE fixes, and have them backported up to four versions.

Gloo Edge

Next-generation API gateway

Gloo Mesh

Multi-cluster service mesh configuration and traffic control.