Zero Trust with Micro-segmentation: A Software-Defined Approach to Securing Cloud-Native Applications

Abstract

Zero Trust is a security model that removes implicit trust from the network: every request is subject to strict access control and continuous authentication, whatever its origin. This paper advocates micro-segmentation as a foundational element of zero-trust security in cloud environments. We explore how software-defined networking (SDN) enables dynamic micro-segmentation, enhancing protection for cloud-native applications and limiting the blast radius of a breach. Applied to cloud-native applications, a software-defined approach to Zero Trust and micro-segmentation leverages virtualization, containerization, and dynamic policy enforcement to secure each workload individually rather than relying on a trusted network segment.

Keywords

Zero Trust, Micro-segmentation, Software-Defined Security, Cloud-Native Applications
