Yes, we use the word MicroPerimeter™ both as a way to describe our products and as a way to describe a security model.  But what do we mean by “MicroPerimeter™?”

MicroPerimeter™ Security means applying your security as close to the thing you’re securing as possible.

Guarding the Edge of your Network

The traditional model assumes there is one way into your network, and you can protect that with a gatekeeper.  Maybe it’s as simple as a firewall, or something more sophisticated like an API Gateway, but it always means you’re guarding the “macro perimeter.” That is, you’re protecting the edge of your network. Even if you specify a rule, such as “only User X can access Service Y,” once that traffic makes it past the gate, anything could happen.

Network security is fine, but that’s all you’re protecting – the network.  Everything inside that network isn’t created equally, and simply filtering on IP addresses and ports isn’t enough.  We can’t assume that just because Service Y and Service Z are both inside the network that they are allowed to talk to each other. Even if both of the services are healthy and uncompromised, accessing data requires business logic and rules that go beyond network level security.

Guarding the Edge of your Service

MicroPerimeter™ Security doesn’t mean you have to throw away your network security.  MicroPerimeter™ Security means you add another layer – service level security.  Traffic inside a network is often just as unsecured as traffic coming from outside the network, but that doesn’t mean you send your traffic on a long, round trip to some third party service to verify internal traffic – instead you add security to your service with a small, but powerful MicroPerimeter™ security tool.

Now every single service has a unique identity, whether a full stack server or a microservice running in a Docker container.  Every request is evaluated at the perimeter of the service, not the perimeter of the network. We can apply rules specifically to that service, rules that include Identity for the User who ultimately started the request, the Service executing the request, and the Thing (or device) receiving that request.
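The following is an added illustration, not Cloudentity’s code: a small, deny-by-default policy check that sits at the edge of one service and evaluates each request against rules naming the User, the calling Service and the receiving Thing. All service, user and device identifiers are constructed for the example.

```python
from dataclasses import dataclass, field

ANY = "*"  # wildcard: the rule does not constrain this identity

@dataclass(frozen=True)
class Request:
    user: str     # the User who ultimately started the request
    service: str  # the Service executing (sending) the request
    thing: str    # the Thing (device) that will receive the result
    action: str   # operation requested of the receiving service

@dataclass(frozen=True)
class Rule:
    user: str = ANY
    service: str = ANY
    thing: str = ANY
    action: str = ANY

    def matches(self, r: Request) -> bool:
        # Every identity in the rule must either be a wildcard or equal the request's.
        return all(want in (ANY, got) for want, got in
                   ((self.user, r.user), (self.service, r.service),
                    (self.thing, r.thing), (self.action, r.action)))

@dataclass
class MicroPerimeter:
    """Policy enforcement point deployed beside one service (constructed example)."""
    service_id: str
    rules: list = field(default_factory=list)

    def authorize(self, req: Request) -> bool:
        # Deny by default: a request passes only if some rule covers every identity.
        return any(rule.matches(req) for rule in self.rules)

# Constructed scenario: the network gate only knows "user-x may reach svc-y".
# svc-z keeps its own perimeter and does not trust a call just because it
# arrived from inside the network.
service_y = MicroPerimeter("svc-y", [Rule(user="user-x", action="read-order")])
service_z = MicroPerimeter("svc-z", [Rule(user="user-x", service="svc-y",
                                          thing="kiosk-7", action="read-payment")])

def call_chain(user: str, thing: str) -> dict:
    """user -> svc-y (via gateway) -> svc-z; each hop is checked at the service edge."""
    hop1 = service_y.authorize(Request(user, "api-gateway", thing, "read-order"))
    hop2 = hop1 and service_z.authorize(Request(user, "svc-y", thing, "read-payment"))
    # An unexpected internal caller carrying the same user is still stopped at svc-z.
    hop_other = service_z.authorize(Request(user, "svc-w", thing, "read-payment"))
    return {"y": hop1, "z": hop2, "z_from_other_service": hop_other}

if __name__ == "__main__":
    print(call_chain("user-x", "kiosk-7"))
```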

Cloudentity has developed a range of MicroPerimeter™ tools to apply those rules at the service, not for the network, whether for legacy, full stack applications, for container orchestration such as Kubernetes and Docker, or running locally on embedded systems in the world of IoT, all backed up by a flexible, scalable model of Identity that carries from the Edge through the MicroPerimeter™.