DEVOPSdigest

Aporeto announced Trireme, an open-source security project for cloud-native applications and initially targets Kubernetes and Docker by bringing security initiatives in line with the speed of cloud-native development on any cloud and at any scale.

The approach, which simplifies application segmentation for distributed applications, is based on a distributed architecture and is an alternate implementation of network policy that does not require any external controller or state, hence relieving the complexities of overlay topologies. The open approach allows the community to participate and build on this new foundation introduced by Aporeto.

"The traditional way of thinking makes the network the natural place to impose security for distributed applications. Mechanisms include distributed firewalls, distributed ACLs, and SDN. However, when you think about cloud-scale, none of these approaches make sense," said Dimitri Stiliadis, CEO of Aporeto. "Aporeto Trireme attaches security to the application by authentication and authorization in a network-agnostic way. We're ready now to engage with the open-source community and make cloud-native applications viable, manageable and useful for the first time."

Aporeto's Trireme approach is compatible with all networking techniques available in Kubernetes. Moreover, this approach also provides protection against man-in-the-middle or replay attacks that IP filter-based implementations cannot support. It is also extensible across federated Kubernetes clusters and works in the presence of network address translations (NAT) or tunneling mechanisms, such as SDN, without requiring any IP address and port configuration.