What the Aporeto Trireme Project means for the security community


With extensive experience in networking, security, and cloud, our founding team here at Aporeto, the company behind Trireme, embarked on a journey to redefine application security with the help of the cloud.

Some of us have spent a lot of years in the network and SDN worlds. As we were operationalizing data center networks, it became apparent that most of the time we were introducing network complexity to solve security problems. It was this realization that made us challenge fundamental assumptions on how we deal with security.

Redefining application security

We launched the Aporeto Trireme project on November 1, 2016. We are delighted by the community engagement around the project and grateful for the support that we have gotten from other communities like Kubernetes and CNCF. And now, we are honored to have been selected as a Black Duck Rookie. While this support and recognition have intrinsic value, they hit the spot for us specifically because they reinforce our idealism and give us a nod to continue with our mission to redefine application security. It validates our efforts and we appreciate that.

What makes applications vulnerable to attacks?

Here’s more on what got us here. For several decades now, we have been using the network as the key tool for all security measures. The ideas around perimeter security were born from these approaches. But how many times have we all heard: “The application was working, but a firewall rule changed and it broke”? Or even “Our database was hacked because it was open to the wrong IP addresses”? The complexity of dealing with IP addresses, domain names, load balancers and other network constructs has become a source of frustration for application developers and operators alike. Also, it has made applications more vulnerable to attacks.

How the Aporeto Trireme project changes security

It’s time to change that. The Trireme open source project was designed with exactly these problems in mind and is based on two fundamental concepts:

1) Security must be decoupled from network details, by introducing end-to-end transparent authentication, authorization, and encryption on all communications between workloads.

2) Security must be there by default and it must be simple.

No more firewalls. No SDNs. No VLANs. No IP address dependencies. No more backdoors. Instead, provide the tools that allow developers to secure their applications without depending on some magic “IT change request” that will address security somewhere else.

Security is a critical business need and is a shared responsibility between developers and security teams; we need the right tools to create seamless and automated interfaces between the two. Our Trireme project is the first step in this direction. We will continue to add more operational tools that will allow us to build secure-by-default applications in any cloud and any infrastructure.

Posted by Dimitri Stiliadis

Dimitri leads Aporeto’s technology and company vision. He brings a multidisciplinary background in distributed systems, security and networking and has been the inventor of several ground-breaking technologies in these areas. Before Aporeto, he was the co-founder and CTO of Nuage Networks, where he led the development of the industry-leading Virtualized Services Platform. He was also the CTO and Co-Founder of the NonStop Laptop Guardian, an end-point security solution. He has held several leading roles in Bell Labs Research, where he led a series of research programs with fundamental contributions in networking, algorithms, and distributed systems, and was instrumental in the commercialization of these technologies. Dimitri received a Ph.D. and an MSc in computer engineering from the University of California, Santa Cruz. He is the author of more than 50 papers at international conferences and journals, holds more than 25 patents and was the co-recipient of the 1998 IEEE Fred W. Ellersick Prize Paper Award.

