Aporeto, a leader in Zero Trust Cloud Security, announced new Kubernetes security capabilities. With this announcement, Aporeto now offers Identity Federation for Kubernetes pods applicable to any cloud.
Users can run their apps on the Kubernetes platform of their choice and let Aporeto’s cloud-delivered security solution provide least privilege access to cloud credentials for their apps, realizing significant time and cost savings while being able to adopt cloud-native services faster.
For enterprise organizations using Istio service mesh to manage their containers, microservices or Kubernetes container orchestration, Aporeto now offers an Envoy plugin that seamlessly extends all Aporeto capabilities into an Istio service mesh environment.
Through x509 certificates and OAuth tokens, Aporeto provides consistent identities to all workloads and enables identity federation between a company’s workloads and any third party.
With Aporeto, organizations can bring legacy services into Istio without any changes, and any non-Istio service can become a consumer of the service mesh with no code-changes or operational configuration change of the service. Additionally, Aporeto provides extended Berkeley Packet Filter (eBPF) support for better performance.
“Most teams that Arctiq works with now have multiple Kubernetes clusters across many environments. While teams today are interested in deploying Istio with every cluster, ensuring a consistent configuration across all clusters is still a difficult task,” said Shea Stewart, partner at Arctiq.
“Aporeto provides a centralized control plane of Istio enforcement that ensures all clusters are appropriately configured and offers an opportunity for enterprises to set up some safe guard rails while development teams learn to use the features of Istio.”
“Managing cloud credentials is a big challenge for anyone building cloud-native apps. The recent cloud-native breaches are the result of compromised cloud credentials,” commented Dimitri Stiliadis, CTO and co-founder of Aporeto.
“Our customers know that allowing Kubernetes pods to securely consume cloud-managed resources means that there is a high risk of unauthorized access to cloud credentials, and we are here to solve this problem for them.”