Zero Trust Security
Get Zero Trust Out Of The Box
With users connecting from various locations and devices and applications in multiple environments – especially highly distributed microservices deployments – organizations need a new secure access approach to prevent data breaches and increase user productivity. Modern security architecture has moved towards a Zero Trust strategy that asserts no entity – user, app, service or device – should be trusted by default. With a Zero Trust approach, continuous authentication and authorization are enforced between microservices across multi-cloud environments.
Tetrate’s Istio-powered service mesh provides Zero Trust security out of the box, so you can quickly adopt a defense-in-depth posture that is consistent with Zero Trust security principles as recommended by CISA and NIST. Tetrate lets you achieve this posture through declarative policies and without modifying any application code.
With Tetrate, you can:
Zero Trust Technical Features
A service mesh provides all core components of Zero Trust architecture, as well as integration with other capabilities like OIDC and OPA. Tetrate’s service mesh supports key Zero Trust security principles by providing strong identity, enforcing fine-grained access controls, encrypting communications and providing comprehensive visibility into service interactions.
The following service mesh features contribute to achieving Zero Trust security, out of the box.
- Service Identity and Authentication. Check the identity and integrity of users and devices without respect to location. Secure service discovery ensures that only authorized services can discover and communicate with each other.
- Fine-Grained Access Controls. Easily separate trust and access to clusters and data by deploying fine-grained control from org level to container level. Easily implement RBAC, ABAC and NGAC within the mesh to ensure that only authorized entities have access to specific services or resources.
- mTLS Encryption. With mTLS, communication between microservices can be end-to-end encrypted, enhancing the confidentiality of data.
- Integration of External Authn/z Services like OIDC and Open Policy Agent (OPA). Service mesh provides built-in support for executing policy verdicts from external authentication and authorization sources like OIDC and OPA – making it easy to integrate external policy engines into cloud-native applications.
- Multicluster and Multi-Cloud Visibility. Get comprehensive visibility into the interactions between services to monitor and detect any suspicious behavior. Logs and audit trails provided by the service mesh are invaluable for tracking and investigating security incidents, aligning with the principle of Zero Trust.
The service mesh adds a layer of security to an enterprise’s inter-service communication by employing a Zero Trust approach to access and using mTLS to encrypt traffic for secure communication. Additionally, limiting access from application to application helps to ensure that a malicious attacker who exploits one service cannot move laterally through your network to exploit other services. Learn more about Tetrate’s Zero Trust approach.
Defining Zero Trust Principles With NIST
Tetrate collaborates with the National Institute of Standards and Technology (NIST) to define and promote the federal guidelines for Zero Trust security, applicable for both government and enterprise organizations. The NIST standard ensures compatibility and protection against modern attacks for a cloud-first, work-from-anywhere model most organizations seek to achieve.
Publications co-authored by Tetrate founding engineer Zack Butcher include:
- SP 800-204 A – Building Secure Microservices-based Applications Using Service-Mesh Architecture
- SP 800-204 B – Attribute-based Access Control for Microservices-based Application Using a Service Mesh
- SP 800-207A – A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments
Get Started Today
Achieve Zero Trust out of the box with Tetrate’s Istio-powered service mesh.