
Key Summary

The tension between rapid software delivery and robust security is a core challenge in DevOps. Reuven Harrison, CTO of Tufin Technologies, discusses how automation, Kubernetes, and service meshes address this gap. Key points include:

  • Security Lag:
    • IT and DevOps have embraced automation, but security remains largely manual, slowing business goals or compromising safety.
    • Manual security checks cannot keep pace with daily releases in CI/CD pipelines.
  • Automation as Solution:
    • Policy as Code: Automates security policy generation within CI/CD pipelines, visualized and reviewed manually or automatically, adhering to the “no more, no less” access rule.
    • Tools scan on-premises and hybrid cloud environments to map policies, embedding security into development workflows.
  • Kubernetes Role:
    • Provides end-to-end stack control with isolated namespaces and instances, simplifying CI/CD testing and policy integration.
    • Enables clear mapping of traffic and security policies, unlike older systems requiring app-specific traffic differentiation.
  • Incident Management:
    • Current tools offer “learning mode” (alerts without action) to avoid disruptive lockdowns; “enforcement mode” (available in Tufin tech) actively blocks non-compliant actions but risks broader impact.
    • Future automation will enhance incident response, flagging or mitigating threats without manual intervention.
  • Microsegmentation and Zero Trust:
    • Replaces traditional firewalls with zero-trust models, requiring authentication and authorization for every network request.
    • Reduces attack surface by isolating microservices, limiting breach impact.
  • Service Meshes (e.g., Istio):
    • Create an overlay network between microservices, transparent to developers, using sidecar architecture.
    • Provide performance monitoring, traffic visibility, and security enforcement, pinpointing issues without disrupting operations.
  • Cultural Shift:
    • Companies must align culture with automated security practices, fostering collaboration between DevOps and security teams to prioritize speed and safety.
  • InApps Insight: Kubernetes and service meshes like Istio enable automated, secure, and scalable DevOps pipelines, bridging the speed-security gap while supporting zero-trust and microsegmentation strategies.


Raygun sponsored this podcast.


How Service Meshes and Kubernetes Will Close Gap Between Speed and Security

Also available on Apple Podcasts, Google Podcasts, Overcast, PlayerFM, Pocket Casts, Spotify, Stitcher, TuneIn

We want to move fast — that’s what agile software development and DevOps are all about — but how do we move fast without sacrificing security? Are we mistaking availability for security? This dichotomy and the challenge of security management have only become more severe as enterprises enable developers to release daily, and distributed systems and sophisticated attacks make it all much more complicated.

Reuven Harrison, CTO and co-founder of Tufin Technologies, talks on the InApps Technology Makers podcast about what 16 years in enterprise security policy management looks like.

Harrison said security management has always begun with identifying business processes that enable efficient and effective security. It’s just that now there are thousands of security vendors and hundreds of different tools to address cyber attacks. That’s why he argues automation is key, yet security is still lagging in this area.

“What happened over time is that IT started to get automated, and later on, this whole concept of DevOps evolved and things got even more automated in the cloud. Security kind of stayed behind. It was still manual and still is to a very large extent,” Harrison said.

But if you are doing security manually, with someone looking at each change, he continued, you are either slowing down business goals or compromising on security. Harrison argues automation closes this risk gap.

In the current state of security policy management, tooling scans for all the policies both on-premises and in the hybrid cloud and visualizes the connections. The next generation embeds security automation into the continuous integration and continuous delivery (CI/CD) pipeline. À la infrastructure as code, this “policy as code” is the automated generation of policies within the pipeline. The generated policy is then reviewed manually or, eventually, automatically. CI/CD has you releasing multiple times a day, and with this you would generate a policy for each release, following the traditional “No more, no less” rule of only providing access to precisely what is necessary.

Harrison goes on to explain how Kubernetes is a great way to control the full stack end to end with isolated, independent environments, each with its own namespace and instance. With Kubernetes, it’s easy to create, run, and automate tests in the CI/CD pipeline, and then include and visualize security policies along with it all.

He says that in the old world we had to differentiate traffic to each app, but in the new one, you have to have your traffic and security all mapped out ahead of time.

The next iteration will see people automating incident management. Harrison said enforcement mode is already available in some Tufin tech, but people usually choose to remain in learning mode, where violations of their security policies raise alerts but are not automatically addressed. He says this is because the biggest fear is that if you lock down everything, it’ll then break with a much bigger blast radius.
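As an added illustration (not code from the podcast or from Tufin's products), the sketch below shows a pipeline gate for the “no more, no less” rule described earlier and how the same policy violation is handled in learning mode versus enforcement mode. The service names, ports, flows and function names are all constructed assumptions.

```python
from dataclasses import dataclass

# All service names, ports and flows below are constructed for illustration.
Edge = tuple[str, str, int]  # (source service, destination service, port)

def review_policy(required: set[Edge], generated: set[Edge]) -> dict[str, set[Edge]]:
    """'No more, no less': the generated allow-list must equal what the release needs."""
    return {
        "excess": generated - required,   # access granted but never needed
        "missing": required - generated,  # needed access the policy would block
    }

def pipeline_gate(required: set[Edge], generated: set[Edge]):
    """Fail the release if the policy drifts from least privilege in either direction."""
    findings = review_policy(required, generated)
    return not findings["excess"] and not findings["missing"], findings

@dataclass
class Decision:
    flow: Edge
    allowed: bool
    alert: bool

def evaluate(flow: Edge, policy: set[Edge], mode: str) -> Decision:
    """Default-deny check of one observed flow against the allow-list."""
    if mode not in ("learning", "enforcement"):
        raise ValueError(f"unknown mode: {mode}")
    if flow in policy:
        return Decision(flow, allowed=True, alert=False)
    # Violation: learning mode only raises an alert, enforcement mode also blocks.
    return Decision(flow, allowed=(mode == "learning"), alert=True)

REQUIRED = {("web", "orders", 8080), ("orders", "db", 5432)}
GENERATED = REQUIRED | {("web", "db", 5432)}  # one rule more than the release needs
OBSERVED = [("web", "orders", 8080), ("web", "db", 5432), ("batch", "db", 5432)]

if __name__ == "__main__":
    ok, findings = pipeline_gate(REQUIRED, GENERATED)
    print("gate passed:", ok, findings)
    for mode in ("learning", "enforcement"):
        for flow in OBSERVED:
            print(mode, evaluate(flow, REQUIRED, mode))
```

Running the same observed flows through both modes before switching to enforcement shows exactly which traffic would be cut off, which is the blast-radius concern Harrison describes.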

This is why there’s a growing trend of microsegmentation. Security that used to be based on firewalls and the location of the user is giving way to zero trust, with every request to access a network resource having to be authenticated and authorized.

Harrison ends the conversation by talking about how service meshes, and especially Istio, create an overlay network that sits between your microservices. Like an actual mesh material, it’s transparent to developers and comes with tooling that makes it easy to map out what he calls “sidecar architecture” and to provide performance, monitoring, and security, so everyone not only knows how traffic is flowing but has visibility into what is causing the problem.

“At the end of the day, it’s just infrastructure providing services and applications, and you need to control who can talk to whom,” Harrison said.

In this edition:

2:16: What has to change in a company culture to then make those changes in a software policy, because I’m sure one reflects the other?
6:38: Exploring the power of automation.
9:42: How many companies are actually moving forward and doing this now?
13:12: Does it have the next step that if it’s not legitimate is it flagging to other people, is there incident response, or does it completely take down something that is flagged as going against the security policies?
16:15: So, in a way, the enforcement mode would be less permissive than a firewall?
21:59: What is one thing our listeners can do to help someone else get a leg up in the tech industry?

Feature image by Simon Matzinger from Pixabay.

Source: InApps.net
