Advanced Microservices Security and Compliance

Microservices Security: the Right Tools for the Job

You want to make sure your microservice-based applications are compliant and secure. But that’s impossible without the right tools.

Distributed architectures enable greater agility and scalability, but increase attack surface area. You know what that means: encryption, authorization, authentication and data integrity become increasingly important with containerized applications. The good news? Aspen Mesh has the capability and expertise to ensure that your applications are secure, compliant and easy to monitor.

Service Mesh + Kubernetes = More Secure Microservices

When you break applications apart into smaller services, you expose a greater area for attack. And the communication that used to take place via function calls within the monolith? It's now exposed to the network, where it can be sniffed, replayed or spoofed. Securing that traffic therefore has to be a core consideration on your microservices journey.

The challenge with security is that it's only as strong as the weakest link. You want a secure Kubernetes cluster with encryption between pods. You need a consistent and verifiable approach to security to protect your compliance posture.

This is the problem that a service mesh leveraging the sidecar proxy approach solves. The service mesh adds automatic mTLS between all the services in your Kubernetes cluster, providing on-the-wire encryption to create secure and compliant applications. Because the sidecar proxy terminates TLS, it's the one place you have to patch TLS-stack CVEs rather than in every application's own TLS library, and because it sees the decrypted request it can enforce security policies on plaintext, where they're the most powerful. (Oh, and Aspen Mesh will take care of the CVEs for you and give you a catalog of per-vertical compliance policies.)

Securing Kubernetes Clusters and Services

Aspen Mesh adds a layer of security that allows you to monitor and block hostile traffic as it enters the mesh. It integrates with Kubernetes as an ingress controller, allowing you to add a layer of security at the perimeter with ingress rules. Nice. You can apply monitoring around what is coming into the mesh and use route rules to manage hostile traffic at the edge.

You can also ensure that only authorized callers are allowed in through the Role-Based Access Control (RBAC) capability. This provides flexible, customizable control of access at the namespace level, service level and method level for services in the mesh. RBAC provides two distinct capabilities. First, the RBAC engine watches for RBAC policy and fetches updated policy as needed. Second, it authorizes requests at runtime by evaluating the request context (caller identity, target service, HTTP method and path) against the RBAC policies to return an allow or deny result.

Want defense in depth? You get that with a service mesh and its mutual TLS (mTLS) encryption of the traffic between your services. The mesh automatically encrypts and decrypts requests and responses, removing that burden from the application developer.

Aspen Mesh provides more than just client-server authentication and authorization: it allows you to understand and enforce how your services are communicating, and to prove it cryptographically in order to meet compliance regulations. It automates the delivery of certificates and keys to the services, the proxies use them to encrypt the traffic (providing mTLS), and it periodically rotates certificates to limit the window of exposure if a key is compromised. With mTLS, each Istio sidecar verifies that it is talking to another Istio sidecar, which prevents man-in-the-middle attacks.
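As a concrete illustration of the RBAC and mTLS capabilities described above, here is an added example in the current Istio policy API (PeerAuthentication and AuthorizationPolicy). It is not configuration from the original page or from Aspen Mesh itself; the namespace "shop", the services "orders" and "frontend", and the paths are assumed for the example. It enforces mesh-wide mTLS, denies everything in the namespace by default, and then allows one caller identity to reach one service on specific methods and paths:

```yaml
# Mesh-wide: require mTLS on every sidecar-to-sidecar connection.
# mode: PERMISSIVE (the usual migration setting) would still accept
# plaintext from pods that have no sidecar; STRICT refuses it.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system      # policy in istio-system applies mesh-wide
spec:
  mtls:
    mode: STRICT
---
# Namespace "shop" (assumed for this example): deny by default.
# An AuthorizationPolicy with an empty spec matches every workload in
# the namespace and, having no rules, allows nothing.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: shop
spec: {}
---
# Service- and method-level allow rule for the assumed "orders" service:
# only workloads running as the "frontend" service account may call it,
# and only with GET or POST on /api/v1/orders and its sub-paths.
# The principal is taken from the client certificate's SPIFFE identity,
# so this rule only has meaning when mTLS is in effect.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/api/v1/orders", "/api/v1/orders/*"]
```

Two checks worth running after applying this: a request to the orders service from a pod that has no sidecar should be refused at the TLS layer (STRICT), and a request from a sidecar-injected pod running as any service account other than frontend, or a DELETE from frontend, should receive a 403 from the orders sidecar (deny-all wins because no ALLOW rule matches). Order matters in the sense that the deny-by-default policy is what turns the allow rule into an allow-list; without it, a namespace with no AuthorizationPolicy at all permits every request.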

Enforcing and Proving Compliance

Aspen Mesh provides you with a real-time view into your microservices and their security posture and makes it simple to enforce and prove compliance. It provides complete audit logs, fine-grained RBAC and mTLS to help you easily enforce microservices security and compliance and help achieve a zero-trust network. With Aspen Mesh, you get:

Real-time Security Status

Visualize your service mesh. The Aspen Mesh dashboard provides a clear view of connection security and service permissions.

Industry-specific Policy

Map policy to your industry standards such as PCI DSS, HIPAA and ISO 27001 and create blanket policies that are easily enforceable and auditable.

Compliance Reporting

Manage and prove compliance through collecting granular data that can be sent to your choice of SIEM/GRC tool.

Microservices security and compliance are no walk in the park. If you’re on the path to increased agility and scalability with microservices but have security concerns, talk to us about how to achieve a secure and compliant microservice architecture.

Take Aspen Mesh for a Test Drive

Aspen Mesh is the simple, production-ready service mesh. Start your 30-day free trial to find out what it can do for you.

Start Your Trial