A Service Mesh is the only option for addressing a number of security requirements in service to service interactions in the modernized world of microservices and cloud-based applications, according to NIST Special Publication SP 800-204A that was released today.
NIST Computer Scientist Ramaswamy Chandramouli and Tetrate Founding Engineer Zack Butcher co-authored the piece, which discusses the vital role that a service mesh plays in a secure application development framework.
The requirement that they detailed for treating all microservices as non-trustworthy, and of centrally-defined security policies for consistent enforcement across those microservices, led to a single answer: a service mesh. The paper provides a detailed set of recommendations on how service meshes should manage and maintain microservices in a new cloud era.
The pair laid out concise yet comprehensive description of the role of a service mesh in a microservices architecture and why a service mesh is the answer to a number of concerns, including the security and availability of services. But they also detailed the new best practices for engineers who currently use microservices. It’s a must-read document for those adopting a microservices architecture who intend to implement a service mesh.
“It’s been a great opportunity to work closely with the team at NIST to help develop a set of recommendations for operating and configuring service mesh architectures in a way that’s sensible and secure,” said Zack Butcher. “I can’t wait to begin discussing the SP with the larger mesh community as a basis to drive towards a standard understanding of service mesh security.”
At Tetrate we’re looking forward to what the future holds for Istio and the larger service mesh community as we head in to 2020. We’d love to hear back from you on the SP’s recommendations. Join the discussion– the public comment period closes Feb. 14, 2020.
Update
As of May 2023, the SP 800-204 series has been expanded to four publications, each covering a critical aspect of microservices security. The same authors have also collaborated on the next paper in the SP 800-207 series, NIST’s foundational standards for Zero Trust.
Learn more about the NIST standards for Zero Trust and microservices security: