Securing microservices and containers based on IP address ranges will not work because they are frequently spun up, shut down and moved across on-premises and cloud environments, resulting in constantly changing addresses. By the time IP-address-oriented security rules are changed, the workloads are no longer there. Further, perimeter security is not fine-grained enough to secure each individual microservice or container: it cannot ensure that hackers are unable to land and expand, and it cannot reduce exposure to any vulnerabilities that may exist in open source or in-house developed components. What is needed is a way to increase the security of application components without slowing down developers or requiring changes to existing code.
Because the addresses of these workloads are constantly changing, we must attach security to the application components themselves. Aporeto automatically generates a unique identity for each microservice or container along with the security policies to protect them in a zero-trust, dynamic environment that can span clouds, sites, networks and orchestrators – with no changes to code required. This model automatically ensures that security settings are current in dynamic environments where application components are being spun up, shut down and moved frequently. It simplifies DevSecOps with automation, fine-grained security, scalability, speed, and the ability to see and resolve issues quickly. And it is 100% compatible with Kubernetes and other popular orchestrators, providing unsurpassed security.