With extensive experience in networking, security, and cloud, our founding team here at Aporeto, the company behind Trireme, embarked on a journey to redefine application security with the help of the cloud.
Some of us have spent a lot of years in the network and SDN worlds. As we were operationalizing data center networks, it became apparent that most of the time we were introducing network complexity to solve security problems. It was this realization that made us challenge fundamental assumptions on how we deal with security.
We launched the Aporeto Trireme project on November 1, 2016. We are delighted by the community engagement around the project and grateful for the support that we have gotten from other communities like Kubernetes and CNCF. And now, we are honored to have been selected as a Black Duck Rookie. While this support and recognition have intrinsic value, they hit the spot for us specifically because they reinforce our idealism and give us a nod to continue with our mission to redefine application security. It validates our efforts and we appreciate that.
Here’s more on what got us here. For several decades now, we have been using the network as the key tool for all security measures. The ideas around perimeter security were born from these approaches. But how many times have we all heard: “The application was working, but a firewall rule changed and it broke”? Or even “Our database was hacked because it was open to the wrong IP addresses”? The complexity of dealing with IP addresses, domain names, load balancers and other network constructs has become a source of frustration for application developers and operators alike. Also, it has made applications more vulnerable to attacks.
It’s time to change that. The Trireme open source project was designed with exactly these problems in mind and is based on two fundamental concepts:
1) Security must be decoupled from network details, by introducing end-to-end transparent authentication, authorization, and encryption on all communications between workloads.
2) Security must be there by default and it must be simple.
No more firewalls. No SDNs. No VLANs. No IP address dependencies. No more backdoors. Instead, provide the tools that allow developers to secure their applications without depending on some magic “IT change request” that will address security somewhere else.
Security is a critical business need and is a shared responsibility between developers and security teams; we need the right tools to create a seamless and automated interfaces between the two. Our Trireme project is the first step in this direction. We will continue to add more operational tools that will allow us to build secure-by-default applications in any cloud and any infrastructure.
Dimitri leads Aporeto’s technology and company vision. He brings a multidisciplinary background in distributed systems, security and networking and has been the inventor of several ground-breaking technologies in these areas. Before Aporeto, he was the co-founder and CTO of Nuage Networks, where he led the development of the industry-leading Virtualized Services Platform. He was also the CTO and Co-Founder of the NonStop Laptop Guardian, an end-point security solution. He has held several leading roles in Bell Labs Research, where he led a series of research programs with fundamental contributions in networking, algorithms, and distributed systems, and was instrumental in the commercialization of these technologies. Dimitri received a Ph.D. and an MSc in computer engineering from the University of California, Santa Cruz. He is the author of more than 50 papers at international conferences and journals, holds more than 25 patents and was the co-recipient of the 1998 IEEE Fred W. Ellersick Prize Paper Award.