Tetrate Enterprise Gateway for Envoy—the cloud-native service gateway—has reached 1.0!

Learn more › close
Tetrate Enterprise ready service mesh
Zero Trust Security

Zero Trust Security

Secure microservices across multi-cloud environments to protect your apps, users and business from attacks with a Zero Trust security model.
Tetrate Service Mesh

Get Zero Trust Out Of The Box

With users connecting from various locations and devices and applications in multiple environments – especially highly distributed microservices deployments – organizations need a new secure access approach to prevent data breaches and increase user productivity. Modern security architecture has moved towards a Zero Trust strategy that asserts no entity – user, app, service or device – should be trusted by default. With a Zero Trust approach, continuous authentication and authorization are enforced between microservices across multi-cloud environments.


Tetrate’s Istio-powered service mesh provides Zero Trust security out of the box, so you can quickly adopt a defense-in-depth posture that is consistent with Zero Trust security principles as recommended by CISA and NIST. Tetrate lets you achieve this posture through declarative policies and without modifying any application code.


With Tetrate, you can:

Strengthen Cyber Resilience

Strengthen Cyber Resilience

Set granular security policies to enforce strict least-privileged access controls and continuous verification to help prevent breaches and mitigate the impact of successful attacks.

Reduce Operational Complexity

Reduce Operational Complexity 

Creating a strong security stance comes with substantial overhead. Service mesh streamlines Zero Trust with built-in security controls like (m)TLS and OPA management.

Move Faster - Productive and Execute Faster

Move Faster

With the mesh as a dedicated infrastructure layer for critical security duties,  teams are more productive and execute faster with overall more secure apps.

Comply With Federal Mandates

Comply With Federal Mandates

EO 14028, OMB B 22-09, NIST SP 800-207A, NIST SP 800-204A-C, NIST SP 800-53 rev5, FedRAMP, FIPS 104-2.

Zero Trust Technical Features

A service mesh provides all core components of Zero Trust architecture, as well as integration with other capabilities like OIDC and OPA. Tetrate’s service mesh supports key Zero Trust security principles by providing strong identity, enforcing fine-grained access controls, encrypting communications and providing comprehensive visibility into service interactions. 

The following service mesh features contribute to achieving Zero Trust security, out of the box. 

  • Service Identity and Authentication. Check the identity and integrity of users and devices without respect to location. Secure service discovery ensures that only authorized services can discover and communicate with each other.
  • Fine-Grained Access Controls. Easily separate trust and access to clusters and data by deploying fine-grained control from org level to container level. Easily implement RBAC, ABAC and NGAC within the mesh to ensure that only authorized entities have access to specific services or resources. 
  • mTLS Encryption. With mTLS, communication between microservices can be end-to-end encrypted, enhancing the confidentiality of data. 
  • Integration of External Authn/z Services like OIDC and Open Policy Agent (OPA). Service mesh provides built-in support for executing policy verdicts from external authentication and authorization sources like OIDC and OPA – making it easy to integrate external policy engines into cloud-native applications.
  • Multicluster and Multi-Cloud Visibility. Get comprehensive visibility into the interactions between services to monitor and detect any suspicious behavior. Logs and audit trails provided by the service mesh are invaluable for tracking and investigating security incidents, aligning with the principle of Zero Trust.

The service mesh adds a layer of security to an enterprise’s inter-service communication by employing a Zero Trust approach to access and using mTLS to encrypt traffic for secure communication. Additionally, limiting access from application to application helps to ensure that a malicious attacker who exploits one service cannot move laterally through your network to exploit other services. Learn more about Tetrate’s Zero Trust approach.

Defining Zero Trust Principles With NIST

Zero Trust Framework

Tetrate collaborates with the National Institute of Standards and Technology (NIST) to define and promote the federal guidelines for Zero Trust security, applicable for both government and enterprise organizations. The NIST standard ensures compatibility and protection against modern attacks for a cloud-first, work-from-anywhere model most organizations seek to achieve.

Publications co-authored by Tetrate founding engineer Zack Butcher include:

  • SP 800-204 A Building Secure Microservices-based Applications Using Service-Mesh Architecture
  • SP 800-204 B Attribute-based Access Control for Microservices-based Application Using a Service Mesh
  • SP 800-207A –  A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments

Get Started Today

Achieve Zero Trust out of the box with Tetrate’s Istio-powered service mesh.