NIST Microservices Security

A service mesh is the only option for addressing a number of security requirements in service-to-service interactions in the modernized world of microservices and cloud-based applications, according to NIST Special Publication SP 800-204A, which was released today.

NIST Computer Scientist Ramaswamy Chandramouli and Tetrate Founding Engineer Zack Butcher co-authored the piece, which discusses the vital role that a service mesh plays in a secure application development framework.

The requirements they detailed, treating every microservice as non-trustworthy and enforcing centrally defined security policies consistently across all of those microservices, led to a single answer: a service mesh. The paper provides a detailed set of recommendations on how service meshes should manage and maintain microservices in the new cloud era.

The pair laid out a concise yet comprehensive description of the role of a service mesh in a microservices architecture and of why a service mesh is the answer to a number of concerns, including the security and availability of services. They also detailed new best practices for engineers who already use microservices. It’s a must-read document for those adopting a microservices architecture who intend to implement a service mesh.

“It’s been a great opportunity to work closely with the team at NIST to help develop a set of recommendations for operating and configuring service mesh architectures in a way that’s sensible and secure,” said Zack Butcher. “I can’t wait to begin discussing the SP with the larger mesh community as a basis to drive towards a standard understanding of service mesh security.”

At Tetrate we’re looking forward to what the future holds for Istio and the larger service mesh community as we head into 2020. We’d love to hear back from you on the SP’s recommendations. Join the discussion: the public comment period closes Feb. 14, 2020.

Update

As of May 2023, the SP 800-204 series has been expanded to four publications, each covering a critical aspect of microservices security. The same authors have also collaborated on the next paper in the SP 800-207 series, NIST’s foundational standards for Zero Trust.

Learn more about the NIST standards for Zero Trust and microservices security:
