Appgate Extends SDP Reach to Kubernetes

Appgate’s software-defined perimeter (SDP) that controls access to IT platforms now includes support for Kubernetes clusters.

Jason Garbis, chief product officer at Appgate, says the Appgate SDP extends a framework for creating a zero-trust IT environment to a platform that is now being more widely used to run emerging cloud-native applications.

The Appgate SDP is deployed on a Kubernetes cluster as a sidecar to enforce policies that determine which microservices within a Kubernetes environment are allowed to communicate with other IT services, he adds. That ability to employ microsegmentation to isolate network traffic also secures ingress access to Kubernetes workloads and access to and from air-gapped Kubernetes environments and, for example, between on-premises and public cloud-based resources, notes Garbis.

The goal is to enable an IT team to employ a single framework to enforce a common set of security policies across both legacy monolithic environments and the cloud-native applications that are now being deployed at a faster rate in production environments, adds Garbis. That approach makes it simpler for IT teams to consistently implement a set of DevSecOps best practices across both types of application environments, says Garbis.

SDPs will play a major role in automating security. In a traditional environment, the network is defined by routing tables and interconnectivity, while security is defined by firewall engines that are applied and enforced in many parts of the network. All firewall rules must align to make a network session successful, making changing firewall rules in production environments challenging. In contrast, applying security directly to a session creates secure tunnels between services to enforce security on each individual connection. Those software-defined connections are much easier to change, test and scale without adding additional latency, notes Garbis.

In general, SDPs are being more widely used to enable organizations to create a zero-trust IT environment that makes ports, workloads and applications invisible unless users are authenticated and access is authorized. Access permissions are conditional and based on role, date, time, location and device posture.

Many organizations are reviewing their approach to cybersecurity in the wake of the remote work shifts necessitated by the COVID-19 pandemic and a series of high-profile security breaches. As a result, more IT organizations are now assuming any device, application or end-user credential might be compromised. SDPs limit the potential blast radius of a cyberattack by limiting the potential pathways through which malware might laterally move across an IT environment once a cybercriminal gains access to an IT environment.

Zero-trust IT is, of course, not a new idea. It’s just now becoming easier to implement via software rather than relying on hardware that has to be physically locked down. The challenge is getting application development teams to align best practices for building software with security platforms that can be programmatically invoked as code much like any other IT infrastructure platform. In fact, it’s now much less about whether software-defined security works; the challenge is bringing together application development and security cultures that, until now, have never worked that closely with one another.

Mike Vizard

Mike Vizard is a veteran IT journalist with more than 25 years of experience covering the technology industry, having previously served as Editor-in-Chief of both CRN and InfoWorld and as editorial director for Ziff-Davis Enterprise, where he oversaw titles including eWEEK, CIO Insight and Baseline. Over his career he has also edited or contributed to a wide range of enterprise technology publications, including IT Business Edge, Channel Insider, ComputerWorld, TMCNet and Digital Review, and he later led editorial for CTOEdge.com. His reporting and analysis span software development, cloud computing, cybersecurity, IT channel strategy and, more recently, artificial intelligence and DevOps practices. A recognized voice in enterprise IT journalism, Vizard is known for tracking emerging technology trends as they move from early adoption into mainstream enterprise use. He now serves as Chief Content Officer for Techstrong Group, where he oversees editorial strategy across the full network — DevOps.com, Security Boulevard, Cloud Native Now, Digital CxO, Techstrong.ai, TechStrong.IT, Techstrong Semi and PlatformEngineering.com — in addition to writing and hosting content for Techstrong TV and the Techstrong Gang podcast.

Mike Vizard has 1813 posts and counting. See all posts by Mike Vizard