Appgate Extends SDP Reach to Kubernetes

Appgate’s software-defined perimeter (SDP) that controls access to IT platforms now includes support for Kubernetes clusters.

Jason Garbis, chief product officer at Appgate, says the Appgate SDP extends a framework for creating a zero-trust IT environment to a platform that is now being more widely used to run emerging cloud-native applications.

The Appgate SDP is deployed on a Kubernetes cluster as a sidecar to enforce policies that determine which microservices within a Kubernetes environment are allowed to communicate with other IT services, he adds. That ability to employ microsegmentation to isolate network traffic also secures ingress access to Kubernetes workloads and access to and from air-gapped Kubernetes environments and, for example, between on-premises and public cloud-based resources, notes Garbis.

The goal is to enable an IT team to employ a single framework to enforce a common set of security policies across both legacy monolithic environments and the cloud-native applications that are now being deployed at a faster rate in production environments, adds Garbis. That approach makes it simpler for IT teams to consistently implement a set of DevSecOps best practices across both types of application environments.

SDPs will play a major role in automating security. In a traditional environment, the network is defined by routing tables and interconnectivity, while security is defined by firewall engines that are applied and enforced in many parts of the network. All firewall rules must align for a network session to succeed, which makes changing firewall rules in production environments challenging. In contrast, applying security directly to a session creates secure tunnels between services to enforce security on each individual connection. Those software-defined connections are much easier to change, test and scale without adding latency, notes Garbis.

In general, SDPs are being more widely used to enable organizations to create a zero-trust IT environment that makes ports, workloads and applications invisible unless users are authenticated and access is authorized. Access permissions are conditional and based on role, date, time, location and device posture.
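The two policy ideas described above, microsegmentation between microservices (which workload may talk to which service) and conditional access based on role, time, location and device posture, can be shown as a single default-deny decision function. The following is an added example written for this article; it is not Appgate code and does not reflect how Appgate SDP represents its policies. The rule set and the sample requests are constructed for illustration.

```python
"""Default-deny, attribute-based access decision for service-to-service sessions.

Added example, not Appgate's implementation. It models what an SDP sidecar
has to decide for each connection: is this caller, with this role, at this
time, from this location, on a device in this posture, allowed to reach the
target service? Nothing is reachable unless an explicit rule says so.
"""
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Request:
    source: str           # calling workload, e.g. "checkout"
    target: str           # destination service, e.g. "payments"
    role: str             # role carried by the caller's identity
    when: datetime        # local time of the connection attempt
    location: str         # where the caller runs, e.g. "on-prem"
    device_posture: str   # e.g. "compliant" or "unknown"


@dataclass(frozen=True)
class Rule:
    target: str
    allowed_sources: frozenset
    allowed_roles: frozenset
    window: tuple         # (start, end) local times; may cross midnight
    allowed_locations: frozenset
    required_posture: str = "compliant"


def in_window(window, t):
    """True if time t falls inside the window, including windows that wrap past midnight."""
    start, end = window
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def rule_matches(rule, req):
    """All conditions must hold; any single mismatch means the rule does not apply."""
    return (
        req.target == rule.target
        and req.source in rule.allowed_sources
        and req.role in rule.allowed_roles
        and in_window(rule.window, req.when.time())
        and req.location in rule.allowed_locations
        and req.device_posture == rule.required_posture
    )


def decide(rules, req):
    """Return ("allow", rule) for the first matching rule, else ("deny", None)."""
    for rule in rules:
        if rule_matches(rule, req):
            return "allow", rule
    return "deny", None


# Constructed sample policy (hypothetical services and roles):
RULES = (
    # Only the checkout service, as itself, may reach payments, at any hour,
    # from either the on-prem cluster or the public-cloud region.
    Rule("payments", frozenset({"checkout"}), frozenset({"svc-checkout"}),
         (time(0, 0), time(23, 59, 59)), frozenset({"on-prem", "aws-us-east-1"})),
    # The ops console may reach the admin API only during business hours, only
    # from on-prem, and only with an SRE role on a compliant device.
    Rule("admin-api", frozenset({"ops-console"}), frozenset({"sre"}),
         (time(8, 0), time(18, 0)), frozenset({"on-prem"})),
    # Overnight batch window that wraps past midnight.
    Rule("reporting-db", frozenset({"etl"}), frozenset({"svc-etl"}),
         (time(22, 0), time(4, 0)), frozenset({"on-prem"})),
)

# Constructed sample connection attempts:
SAMPLES = {
    "checkout_ok": Request("checkout", "payments", "svc-checkout",
                           datetime(2021, 6, 1, 10, 30), "aws-us-east-1", "compliant"),
    "checkout_bad_posture": Request("checkout", "payments", "svc-checkout",
                                    datetime(2021, 6, 1, 10, 30), "aws-us-east-1", "unknown"),
    "ops_after_hours": Request("ops-console", "admin-api", "sre",
                               datetime(2021, 6, 1, 22, 0), "on-prem", "compliant"),
    "web_lateral": Request("web", "payments", "svc-web",
                           datetime(2021, 6, 1, 10, 30), "on-prem", "compliant"),
    "etl_overnight": Request("etl", "reporting-db", "svc-etl",
                             datetime(2021, 6, 2, 1, 15), "on-prem", "compliant"),
}


def evaluate_all(rules=RULES, samples=SAMPLES):
    """Map each sample name to its verdict; useful as an audit trail for policy changes."""
    return {name: decide(rules, req)[0] for name, req in samples.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_all().items():
        print(f"{name:22s} -> {verdict}")
```

The point of the structure is that every attribute the article lists is a conjunctive condition and the absence of a matching rule is a denial, which is what removes the lateral pathways: the "web_lateral" attempt fails not because a firewall rule blocks it but because nothing grants it. A real deployment would evaluate these attributes per session, as the article describes, rather than once at connection setup.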

Many organizations are reviewing their approach to cybersecurity in the wake of the remote work shifts necessitated by the COVID-19 pandemic and a series of high-profile security breaches. As a result, more IT organizations are now assuming any device, application or end-user credential might be compromised. SDPs limit the potential blast radius of a cyberattack by limiting the pathways through which malware might move laterally across an IT environment once a cybercriminal gains access.

Zero-trust IT is, of course, not a new idea. It’s just now becoming easier to implement via software rather than relying on hardware that has to be physically locked down. The challenge is getting application development teams to align best practices for building software with security platforms that can be programmatically invoked as code much like any other IT infrastructure platform. In fact, it’s now much less about whether software-defined security works; the challenge is bringing together application development and security cultures that, until now, have never worked that closely with one another.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
