Aporeto doesn’t think enterprise security systems should trust anything or anybody too much. But it believes that security should bind itself to each application and watch over it like a guardian angel.
The San Francisco-based startup has launched what it calls the first “zero trust” security package for the enterprise based on finely-tuned application identity, context and intent.
Aporeto, which made the announcement Nov. 28, continuously monitors and protects applications by replacing network security-based approaches with what it terms “a radically simple” identity and authorization system.
Aporeto’s approach makes applications secure by default based on identity, context and intent. Its enterprise security solutions are purpose-built for agile distributed systems based on containers, microservices and serverless architectures as well as legacy applications. Aporeto said its Zero Trust Security software works at any scale on public, private or hybrid clouds.
Decoupled from Infrastructure and Network
The package is decoupled from the infrastructure and network; it transparently binds to applications to provide them with identity and protect them according to their context and operations intent using end-to-end cryptographic techniques, CEO and co-founder Dmitri Stiliadis told eWEEK.
This approach is underpinned by the “zero trust” principle, which assumes that any part of the infrastructure can be compromised at any given time. In contrast, security products commonly provide static, infrastructure-dependent protection that must constantly be reconfigured to address application needs.
“The most important benefit for our customers is that they can embrace cloud technologies, increase their security posture, while minimizing operational complexities,” Stiliadis told eWEEK. “Pretty much every CIO out there has a KPI (key performance indicator) of ‘how I’m going to embrace cloud.’
“While on the journey to the cloud, we’re helping the CIO create a simple security model that allows them to migrate their workloads to the cloud, and at the same time get inside their security posture and get all these things without a very complex operation or architectural solution underneath.”
Why Network-Based Security is Failing
Network-based security solutions are failing in the cloud, Stiliadis said.
“Firewalls, overlays, and access control lists are not capable of protecting distributed applications. By focusing on identity and cryptographic techniques, we can decouple security from the infrastructure and make security operations strong, simple and scalable,” Stiliadis said.
Aporeto tracks dynamic environments at scale. It binds to any application, on a single or a distributed system, without requiring any network, OS kernel, or code changes. Aporeto offers visibility and exerts fine-grained application control for legacy and modern applications; moreover, it can deliver this solution as a cloud service or as an on-premises installation.
Enterprise cloud data management provider Informatica is using Aporeto as the company grows its portfolio of cloud services.
“Aporeto is accelerating our expansion to the cloud,” said Alec Chattaway, director of Cloud Infrastructure Operations for Informatica. “We can quickly reduce complexity by removing unnecessary and cumbersome supporting services, while at the same time reducing cost and increasing efficiency, resiliency and security. With Aporeto, we can secure our Linux workloads on any infrastructure with end-to-end encryption and have a path for modernizing with a security layer that is future-proofed.”