Yes, we use the word MicroPerimeter™ both as a way to describe our products and as a way to describe a security model. But what do we mean by “microperimeter”?
MicroPerimeter™ security means applying your security as close to the thing you’re securing as possible.
Guarding the Edge of Your Network
The traditional model assumes there is one way into your network, and that you can protect that entryway with a gatekeeper. Maybe it’s as simple as a firewall – or something more sophisticated, like an API gateway – but it always means you’re guarding the “macro perimeter.” That is, you’re protecting the edge of your network. Even if you specify a rule, such as “only User X can access Service Y,” once that traffic makes it past the gate, anything could happen.
Network security is fine, but that’s all you’re protecting — the network. Everything inside that network isn’t created equally, and simply filtering IP addresses and ports isn’t enough. We can’t assume that just because Service Y and Service Z are both inside the network that they are allowed to talk to each other. Even if both of the services are healthy and uncompromised, accessing data requires business logic and rules that go beyond network level security.
Guarding the Edge of Your Service
MicroPerimeter™ Security doesn’t mean you have to throw away your network security. MicroPerimeter™ Security means you add another layer: service-level security. Traffic inside a network is often just as unsecured as traffic coming from outside the network, but that doesn’t mean you should send your traffic on a long, round trip to some third-party service to verify internal traffic. Instead, you add security to your service with a small, but powerful microperimeter security tool.
Now every single service has a unique identity, whether it’s a full-stack server or a microservice running on a docker container. Every request is evaluated at the perimeter of the service, not the perimeter of the network. We can apply rules specifically to that service — rules that include an identity for the user who ultimately started the request, as well as the service executing the request and the thing (or device) receiving that request.
Cloudentity has developed a range of MicroPerimeter™ tools to apply those rules at the service, not the network, whether for legacy, full-stack applications, container orchestration such as Kubernetes and Docker, or applications run locally on embedded systems in the world of IoT, all backed up by a flexible, scalable model of identity that carries from the edge through the MicroPerimeter™.
Learn more about how Cloudentity’s MicroPerimeter™ tools can benefit your organization — contact us today!