Aporeto simplifies service mesh security operations with Istio integration

Aporeto announced its integration with Istio, the open source service mesh platform that connects, manages and secures microservices at scale.

Istio’s service mesh is an open-source effort led by Google, IBM and Lyft that is designed to address the operational needs – observability, load-balancing and canary deployments – of deploying microservices at scale.

Istio introduces security potential into containerized environments that are expensive and complex to develop from scratch, with the promise of enabling encryption across all applications, associated public key infrastructure (PKI) logic for transport layer security (TLS), and application program interface (API) layer authentication and authorization capabilities.

Istio is pioneering the service mesh architecture that promises to simplify the operational complexities of managing and scaling applications across private and public clouds.

While the project is still in its infancy, it is having impacts on cloud-native architectural decision making in organizations of all sizes. In order to get full value from the security potential which Istio offers, it is crucial to deploy Istio along with a uniform, distributed microservices security layer.

Aporeto’s microservices security platform and integration with Istio, provides the secure, automated and hybrid enterprise Istio deployment, allowing organizations to securely operationalize a service-mesh architecture.

Based on upstream Istio, the Aporeto Istio deployment provides a unified interface for identity, policy management, and security controls, while enabling developers to continue using familiar APIs for traffic management.

Separation of duties controls allows security and operations teams to share the responsibility of scalable Istio deployment. A hardened service identity platform eliminates cloud provider lock-ins.

“The promise and flexibility of service mesh architectures is revolutionizing traditional networking and transforming security architectures. Our customers are looking for methods to adopt these technologies and support enterprise grade deployments while simplifying operations and visibility in their service interactions,” explained Dimitri Stiliadis, Co-Founder and CTO.

“With Aporeto for Istio we are offering another necessary level of security, visibility, monitoring, and operational simplicity for Istio operations.”

Aporeto support for Istio provides the following benefits on an Istio environment:

  • Istio authorization policy creation and management that leverages Envoy proxy for enforcement through an Aporeto Mixer adapter.
  • Uniform security policy across heterogeneous environments, so that your Istio service mesh environment can integrate with other Kubernetes, virtualized and even non-containerized workload environments with external APIs.
  • Enforcement of security policies in multi-cluster Istio environments to support customer applications requiring geo-redundancy or environmental segregation requirements.
  • End to end visibility and audibility for your application communications across service mesh and non-service mesh environments helping with security compliance.
  • Security vulnerability management, threat detection, behavioral profiling, security auditing, alerting and orchestration in Istio environments.

The Aporeto integration with Istio beta is available to select design partners and can be introduced transparently without any modifications of an operational service mesh.