Zero Trust Security
Zero Trust Security with Service Mesh Manager
Service Mesh Manager brings zero trust security to modern applications. The zero trust security model is based on the following principles:
- don't trust any system, not even the ones within your own network,
- verify the identity and authorization of a user or service, and the tool it uses, before establishing trust,
- grant only the minimal access needed for the task or functionality.
Service Mesh Manager provides the following security controls for your service mesh to achieve zero trust security:
- Control incoming and outgoing traffic
- Encrypt and authenticate service to service communication
- Health monitoring, logging, and tracing
Control ingress and egress traffic at the edge
To protect your applications and your sensitive data, you need to have control over the incoming traffic from external sources. Service Mesh Manager allows you to:
- create and manage ingress and egress gateways,
- apply rate-limiting to mitigate denial-of-service attacks,
- encrypt and mutually authenticate traffic on the gateway,
- permit egress traffic only to specific endpoints to prevent data exfiltration.
Authenticate, authorize, and encrypt all connections
To make zero trust security work, every connection should be authenticated, authorized, and encrypted. Service Mesh Manager uses mTLS encryption within the mesh to protect data in motion on all service-to-service connections, and can do the same for all ingress and egress traffic. If you need to create a FIPS-compliant service mesh, you can use the FIPS-compliant builds of Service Mesh Manager and Istio that use only FIPS 140-2 compliant cipher suites.
For fine-grained authorization control, you can use Istio Authorization Policies to set access control rules on workloads in the mesh. You can also restrict outbound traffic for workloads and namespaces, manually or automatically.
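The following manifests are an added illustration of the mTLS and authorization controls described above, written with plain Istio resources rather than taken from the Service Mesh Manager documentation. The namespaces (payments, shop), workload label (app: ledger), service account (checkout) and API path are assumed placeholders.

```yaml
# Added example: enforce mesh-wide mTLS and least-privilege access with Istio resources.
# Namespaces, labels, service account and path below are assumed placeholders.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: payments
spec:
  mtls:
    mode: STRICT   # reject plaintext; every caller must present a mesh identity
---
# Default deny: an AuthorizationPolicy with no rules matches nothing,
# so no request reaches any workload in the namespace unless an ALLOW policy permits it.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: payments
spec: {}
---
# Explicit allow: only the checkout workload's SPIFFE identity may call the
# ledger workload, and only with GET/POST on /v1/ledger/*.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: ledger-allow-checkout
  namespace: payments
spec:
  selector:
    matchLabels:
      app: ledger
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/checkout"]
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/v1/ledger/*"]
```

The principal in the ALLOW rule is only trustworthy because the STRICT PeerAuthentication forces the caller to prove that identity over mTLS; without it, a plaintext client could reach the sidecar with no verified principal at all.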
Health monitoring, logging, and tracing
For maintenance and security monitoring, Service Mesh Manager allows you to configure health monitoring and alerts for your services and workloads to quickly and easily notice issues that might cause a service outage. In addition, Service Mesh Manager gives you quick access to pod logs, traces, and Prometheus metrics.