The rate of innovation and velocity of bringing new ideas and products to market are increasing on a global scale. This is not new information for anyone who follows technology trends, or those CTO/CIO’s that are evaluating their next NPI. From the perimeter to the application and even the API’s themselves, microservices and containers are being exploited. The known list of tech stack vulnerabilities is increasing at a rate comparable to the unknown ones. While this is not the ideal corps-à-corps paradigm, it is a fact of doing business on the Internet. This new cybersecurity marketplace, where white knight talent is focusing on solutions, is how threats are going to be met and beaten. Those CSO’s and their teams are too often trying to take on this fight solo, but no longer are they alone.
One such white knight company is Banyan, who describe themselves as Zero Trust meets service mesh. Zero Trust is the idea that any physical network can be compromised, regardless of perimeter or level of network access control. Borrowing from the adage of never trust and always identify, further championed by Google in their BeyondCorp architecture, means that CSO teams create microperimeters around value resources (assets and data) and authenticate based on user, location, and even data source. Far more than just the elimination of the VPN, by presuming every network is untrusted, the basis for a new central policy ACL is established. Bad actors often discriminate between the vector and the target, and too often enterprise security and risk teams don’t apply a common security policy across all assets. Such micro-segmentation is Banyan's first layer and the second is the idea of service mesh. Where Zero Trust was focused on network style control, service mesh is the interactivity between the application, containerized or traditional, and even the API’s of a microservices architecture. In other words, service mesh is the ability to deliver application-level authentication, authorization, and encryption in a lightweight form factor.
Banyan has developed a full stack security architecture designed to secure even the most critical systems -- posting a guard at the perimeter, at the external door and floor of every building, but also the individual door and shelf of every room. To accomplish this without creating an invasive, cost or oppressive overhead, they have adopted a four pillar of security model:
- Make no changes to the network
- Incrementally roll out new security measures without changing apps
- Architect solutions that go beyond the perimeter
- Leverage existing enterprise tools
While the natural inclination of a good security engineer is to take on this role, perform all these tasks in a reinvent-the-wheel exercise, but outsourcing to a full stack solutions company is not an existential threat. Banyan is not obsoleting the in-house security engineer -- rather they are enhancing the common practices and augmenting security layers, freeing up security resources to focus more tactically on the true proprietary nature of the business and the engineering teams.