Easily Achieve Distributed Policy Deployment Across Your Kubernetes Multicluster

Presented by

Marcus Heese, Principal Engineer, Aporeto

About this talk

Kubernetes network security policies operate only within the context of a single cluster, so multi-cluster and multi-cloud deployments become challenging to manage. Cloud-native applications are often deployed across multiple regions, and sometimes across multiple clouds, for high availability and resiliency, which inevitably translates to a deployment across multiple clusters. For access control outside the cluster, Kubernetes network policies boil down to IP-based ingress and egress rules, and IP-based rules do not work well with dynamic microservices.

What is needed is a new approach that eliminates the need for IP-based Kubernetes network security policies. Aporeto uses a workload identity-based approach to cloud security, not IP addresses, to authenticate and authorize policies distributed across a Kubernetes cluster. Aporeto automates the most complex security requirements for operating workloads in Kubernetes, including network access control, API security, security configuration automation, and policy distribution and enforcement across hybrid and multi-cluster environments, all from a single platform.

In this webinar we will demonstrate how:

* Aporeto assigns a cryptographically signed and attested service identity to every Kubernetes pod
* The use of a service identity tied to a Kubernetes pod allows all policies to be enforced independent of infrastructure - cross regions, cross clouds and cross data centers
* You can route your traffic as needed by your network team, independent of security concerns - north/south or east/west - because Aporeto uses service identity to protect your workloads
* Aporeto strengthens security against bad actors and malicious threats to prevent a security breach

More from this channel

Listen to industry experts discuss the latest trends and disruptions in microservices, container and cloud security and how to deploy Zero Trust in the cloud.