How To Secure Istio Service Mesh Deployments

The Istio service mesh project is an up-and-coming open-source effort that already has the backing of major IT vendors that include IBM, Cisco, Google and Amazon. Istio however isn't secure by default, which is something that Twistlock is trying to help organizations configure, with a new guide to compliance checks released on Feb. 11. The Isto service mesh enables a more efficient type of container to container, or microservice to service communications and networking model, by offloading the connectivity to a side car proxy.  With Istio, more complex distributed microservice architectures can be built and deployed, but there are multiple key steps that organization should take before putting Istio into production. "There's a hesitancy to turn things on by default, because you're not sure what will break," John Morello, CTO of Twistlock told eWEEK. "So, you know, being a security person by trade, I always would prefer people build things in more of a secure by default manner, but it's not really what we've seen in this ecosystem."