Illumio announced support for segmenting network communications for containers with the latest release of its Adaptive Security Platform (ASP). The release expands Illumio ASP’s intuitive policy model design, effective enforcement, and easy API integration for application deployment across compute environments.
The award-winning platform enables workloads – containerized and non-containerized – to be governed consistently wherever they run, from a single interface with a uniform policy model, automatically and at scale.
Widespread adoption of public cloud environments and container-based computing is bringing unprecedented flexibility and agility to enterprise IT, as compute environments move steadily outside the data center. However, the benefits of these services can be offset by the need for security, especially in governing them consistently with segmentation policies already applied to existing applications running on data center infrastructure.
“We wanted to have a solution that worked across any data center and any cloud vendor so that we can treat them as transient services that we can easily move between,” said Colin Lennox of Baillie Gifford. “Illumio gives us the confidence to say that critical areas of our estate are completely ring-fenced and protected. We can categorically identify operational services and the users that are utilizing them. Illumio visualizes this in a logical manner, led by evidence. This gives me and my security governance team confidence that our assets are well protected at a very granular level.”
Security segmentation in the public cloud is critical to the overall protection of the data center as cloud-based infrastructure has the same access and creates additional attack vectors. Illumio ASP addresses this crucial security concern with segmentation across Kubernetes and OpenShift container platforms, as well as consistent support of non-container environments. This is unlike container security point solutions, which create another segmentation silo to administer, or existing SDN or hypervisor-based segmentation solutions, which often rely on re-architecting infrastructure.
“Illumio’s Adaptive Security Platform can replace multiple separate segmentation solutions, enabling aggressive application deployment to support a DevOps motion, without slowing it down with security overload,” said Jon Oltsik of Enterprise Strategy Group. “Illumio’s support for containers means customers can operate with competitive agility while maintaining critical isolation of their systems with Zero Trust confidence, wherever they run.”
With the newest version of Illumio ASP, enforcing security segmentation policies through workloads eliminates a number of the challenges posed by reliance on the network, providing:
Centralized, infrastructure-agnostic visibility with an approach that applies to wherever an enterprise is running its applications – from bare-metal servers and virtual machines to containers in an on-premise data center or across any public cloud environment. This provides a single security segmentation solution with visibility into all active applications.
Granular control for all workloads by decoupling enforcement from the network infrastructure, which does not require a policy to have access to anything except a specific workload – across both containerized and non-containerized applications.
The future of security and containers holds immense promise – yet as the boundaries of the data center begin to blur with public cloud offerings, so do traditional control methods and capabilities.