Announcing TEG 1.2—Enterprise support and FedRAMP-ready FIPS builds for Envoy Gateway 1.2

Learn more › close
Tetrate Enterprise ready service mesh
Get Demo
Pricing

Frequently Asked Questions

Service Mesh Solutions

What Is a Kubernetes Ingress Controller

How Kubernetes Ingress Works

What Is Kubernetes Ingress Used For?

What Is a CVE (Common Vulnerability and Exposure)?

What Are the Benefits of CVES?

How Does Tetrate Fix Cves?

What Is CVSS?

What Are the Limitations of CVE?

What’s the Difference Between Tetrate Products and Istio?

What Is the Difference Between CVE and CVSS?

What Is a Cybersecurity Vulnerability?

What Is a Cybersecurity Exposure?

What Is Sidecarless?

Istio Ambient Mode vs. Ambient Mesh

What Is Cisa’s Zero Trust Maturity Model (ZTMM)?

What Are the Five Pillars of Cisa’s Zero Trust Maturity Model (ZTMM)?

 What is CISA’s Zero Trust Maturity Model (ZTMM)

What are the five pillars of CISA’s Zero Trust Maturity Model (ZTMM)?

What Are the Pillars of Forrester’s Zero Trust Model?

What Is Threat Modeling?

What Is a Software-Defined-Perimeter (SDP) with Zero Trust?

Why Is Application Security Important?

What Is Kubernetes Security?

What is Ambient Mesh?

What Is Zero Trust Architecture (ZTA)?

What Is Tetrate Service Express (TSE)?

Does Tetrate Service Express (TSE) Integrate with Amazon Eks?

Do Tetrate Products Support Multiple Cloud Deployments?

Are Tetrate Products Open Source?

Do Tetrate Products Support Non-kubernetes Workloads?

Why Do I Need Tetrate in Addition to Open Source Istio?

Do Tetrate Products Run in the Cloud and on Premises?

Why Do I Need Multitenancy in a Service Mesh?

How Do I Protect Production from Unauthorized Access in a Dynamic Compute Environment like Kubernetes?

How Can I Implement Mtls Across My Entire Infrastructure, Including Between Kubernetes and Vms?

Will Tetrate Service Bridge Work with My Existing Public Key Infrastructure?

How Do I Ensure and Prove Consistent Application of Authorization Policy Across All of My Deployments?

How Does Tetrate Service Bridge Transparently Shift Traffic to Public Cloud Services from My On-Premises, Self-Managed Infrastructure?

How Does Tetrate Service Bridge Help Optimize Locality and Minimize Egress?

How Can I Safely Roll Out My Microservices Implementation and Roll Back to the VM Implementation if It’s Not Working?

How Can I Mitigate the Damage of Infrastructure Outages by Giving My Developers Tools to Failover and Build Ha Applications?

How Does Tetrate Service Bridge Help Me Keep My Service Mesh up to Date Without Causing Outages?

How Do I Enable My Developers to Build Reliable Applications Using Mesh Primitives?

What Is the Difference Between Tetrate Service Bridge and Tetrate Service Express?

What Is an API?

What Does Kubernetes Do?

What Does “Proxied” Mean?

What Is ProxyPass?

What Is a Gateway in Microservices?

What Is ABAC?

What Does a Service Mesh Do?

What Is Istio?

What is Envoy Proxy?

What Are the Core Principles of the Zero Trust Model?

What Are the Benefits of Choosing a Zero Trust Architecture?

What Are the Core Principles of the Zero Trust Model?

Zero trust is an approach—a way of thinking about network security—more than it is any particular topology, technology, or implementation. It starts from an assumption that there are no safe places on the network and an intruder has already breached your perimeter. You should treat your data center as if all of its data and services are exposed to the public Internet.



In the zero trust model, unlike traditional perimeter security, reachability does not imply authorization. Zero trust seeks to shrink implicitly trusted zones around resources, ideally to zero. In a zero trust network, all access to resources should be:

Authenticated and dynamically authorized, not only at the network layer and the service-to-service layer, but also at the application layer. Network location does not imply trust. Service identity and end-user credentials are authenticated and dynamically authorized before any access is allowed.

Bounded in space: the perimeter of trust around a service should be as small as possible

Bounded in time: authentication and authorization are bound to a short-lived session after which they must be re-established

Encrypted, both to prevent eavesdropping and to ensure messages are authentic and unaltered.

Observable, so the integrity and security posture of all assets may be continuously monitored and policy enforcement continuously assured. Also, insights gained from observing should be fed back to improve policy.

For more information, read our Learning Center article on zero trust architecture