Compliance for Modern Applications Requires a Modern Approach to Security
Modern applications are architected as microservices, running on containers, and automated by orchestrators like Kubernetes, Swarm and Mesos. These workloads are dynamically orchestrated and the location and IP address are unpredictable. Traditional approaches to securing these environments are no longer effective and compliance data is no longer accurate.
Application Modernization Requires a Modern Approach to Security and Compliance
Zero-Trust Network Security
90% of traffic for traditional applications is North/South. Modern Applications invert this model with 90% of traffic generated East/West. This traffic must be monitored and secured. A zero-trust model is the optimal way to secure your applications.
Periodic or point-in-time audit data is not relevant for modern applications that change every few minutes. All policy and network flow data must be logged with data that identifies each workload in order to demonstrate compliance for a modern application.
Visibility, Traceability, Remediation
Modern applications are assembled using reusable and ephemeral workloads that constantly change location and IP address. Traditional flow logging does not work on modern applications. The only accurate approach is to log traffic based on authenticated workload identity.
Multi-cloud and Legacy
Modern applications often need to communicate with a legacy backend. These environments are very difficult to secure without a policy framework that spans modern and legacy environments.