Network-based security doesn’t work in the cloud, said Dimitri Stiliadis, co-founder and CEO of Aporeto.
“We decouple security from the network,” he said. “We assign an identity to every workload; we introduce end-to-end authentication and encryption. This allows us to completely decouple security from infrastructure so it works in their private cloud, in their public cloud, and as they move across public clouds. They don’t have any infrastructure dependencies, and they can get the exact same security posture for their workloads no matter where they are installed.”
The security-as-a-service offering is based on a zero-trust approach, which assigns rules and policies to workloads, virtual machines (VMs), or network connections. It allows only the necessary actions and connections in a workload or application and blocks everything else.
“The term ‘zero-trust’ was coined several years ago, and I think we finally see the technology catching up with the ambition on the term,” Stiliadis said.
This concept is central to micro-segmentation and is used in competing technologies including VMware’s NSX, Cisco’s Tetration, and Illumio’s Adaptive Security Platform. A whole new crop of security startups is also employing zero-trust security models in their products, Stiliadis said. “But they are coming more from the Kubernetes and cloud-native space. We support both new applications like Kubernetes and cloud native, and the older Linux-based workloads.”
This is noteworthy because Aporeto is best known as a container security company. Last year it open-sourced a piece of its container security technology: a project called Trireme that integrates with Kubernetes and Docker. It’s pronounced “Try-Reem,” and it’s named after the Greek warships driven by a helmsman, or kubernetes.
In May, following the closing of the company’s $11.2 million Series A funding round, Stiliadis told SDxCentral that the company would use the funding to develop a cloud security platform. The result of that work is the commercial product announced today.
The new product’s focus on cloud security instead of containers stems from customer demand. “Our focus has always been, and continues being, on security for microservices and distributed applications,” Stiliadis said. “But even in the most aggressive environments in adopting Kubernetes, the reality is there are a lot of workloads that are not container centric. We are going to be in this hybrid environment for a lot of years.”
Cloud data management company Informatica is a customer using the new security product. Other industries showing interest in the security service have a couple of common characteristics, Stiliadis said. “They move money around or deal with other people’s data.” For enterprises with applications that do either of those two things, he said the product “fits like a glove.”