Today, security is enforced with firewalls, network ACLs, VPNs, overlays and micro-segmentation. All of these technologies are based on TCP/IP address ranges, which results in several problems. Because the security model is based on location, it is difficult to secure a distributed application that may span on-premises, hybrid-cloud or multi-cloud environments with disparate security mechanisms. The complexity involved leads to flawed security settings masked by a lack of visibility into the security posture of applications. As services are spun up, closed down and moved, it is impossible to update all of the TCP/IP address range rules across the infrastructure to track application component lifetimes.
The Aporeto security model is tied to the identity of application components rather than TCP/IP address ranges, making it a perfect fit for both traditional 3-tier and modern cloud-native applications. Because this security model allows you to untether your applications from the network, the benefits include higher automation, savings in valuable DevSecOps time, no need for developers to add specific code for security, independence from an equipment vendor's or cloud provider's security infrastructure, and one consistent security model that is easy to understand, visualize and implement across on-premises and cloud environments.