Zero Trust and service meshes on microservice cloud-based applications : a comparative study

Abstract

Migrating microservices to a cloud environment poses challenges for maintaining security. Though Zero-Trust architecture provides guidelines on protecting the services, protecting the applications is still a major concern for companies. Research has shown that service meshes, such as Istio or Linkerd, can facilitate protection for services in a Kubernetes environment. This study aims to understand how service meshes can enable Zero-Trust approaches to service-to-service communication. Investigating how Zero-Trust protection aligns with service mesh capabilities, how it can affect service communication performance, and how Istio and Linkerd compare to each other in terms of security and performance. This research used experiments as the key part of the process to fulfill its objectives. A proof-of-concept architecture was implemented to facilitate experiments, while the experiments were divided into two categories (security and performance) and the results were used to compare Istio to Linkerd. Analysis of the experiments has shown that Linkerd is faster than Istio while providing similar levels of protection. The results indicate that different security configurations for service meshes decrease ser- vice communication performance and how these configurations align with Zero-Trust guide- lines. Based on this information, companies seeking to enforce Zero-Trust protection to services in the cloud must consider the compromises required between performance and security.