Workload identity
Cloud native applications require a new security design that does not rely on network addresses to protect workload communications. Prisma Cloud decouples microsegmentation from the network and couples security to workload identity for optimal protection.
-
Defining workload identity
Workload identity is the key element that enables Zero Trust with Identity-Based Microsegmentation. Prisma Cloud assigns every protected host and container a cryptographically signed workload identity, so a peer can verify that the attributes a workload presents were issued to it and have not been altered.
-
Workload identity comprises tags
Each identity consists of a set of tags: contextual attributes drawn from cloud native sources across Amazon Web Services (AWS®), Microsoft Azure®, Google Cloud, Kubernetes® and more, such as account, project, cluster, namespace and application labels.
-
Identity ensures network visibility accuracy
Protected workloads send and receive identity upon each communication request. Identity is baked into network flow visibility so that you don’t have to rely on contextless IP addresses.
-
Identity strengthens workload defenses
Prisma Cloud verifies the identity of the communicating workloads rather than their IP addresses, then evaluates policy against the verified tags. If a workload's identity cannot be verified, or the workload is not authorized by policy, the network access request is denied; a tampered or forged identity fails at the verification step before policy is ever consulted.
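The following is an added illustration of the model described above, not Prisma Cloud code and not a description of its wire protocol: a control plane issues an identity as a signed set of tags, each side presents its identity on a connection request, the enforcement point verifies the signature and evaluates policy on tags only, and the flow record carries the verified identity alongside the raw IPs. The HMAC-SHA256 MAC under a control-plane key is a stand-in for the real signature scheme, and the tag names, policy format and sample workloads are constructed for this example.

```python
"""Toy identity-based microsegmentation (added example, not Prisma Cloud code).

Assumptions (not from the page): HMAC-SHA256 under a control-plane key stands
in for the real signature scheme; tag names, policy rules and the sample
workloads below are constructed for illustration.
"""
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed key held by the hypothetical control plane that issues identities
# and by the enforcement points that verify them.
CONTROL_PLANE_KEY = b"constructed-demo-key-do-not-use"


def canonical(tags: dict) -> bytes:
    """Deterministic encoding so issuer and verifier authenticate identical bytes."""
    return json.dumps(tags, sort_keys=True, separators=(",", ":")).encode()


def issue_identity(tags: dict) -> dict:
    """Control plane: bind a tag set to a signature (here, an HMAC)."""
    sig = hmac.new(CONTROL_PLANE_KEY, canonical(tags), hashlib.sha256).hexdigest()
    return {"tags": dict(tags), "sig": sig}


def verify_identity(identity: dict) -> Optional[dict]:
    """Enforcement point: return the tags only if the signature checks out."""
    expected = hmac.new(CONTROL_PLANE_KEY, canonical(identity["tags"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, identity["sig"]):
        return None
    return identity["tags"]


# Constructed policy: selectors over tags. No IP address appears anywhere.
POLICY = [
    {"name": "web-to-api", "src": {"app": "web", "env": "prod"},
     "dst": {"app": "api", "env": "prod"}, "port": 443},
    {"name": "api-to-db", "src": {"app": "api", "env": "prod"},
     "dst": {"app": "db", "env": "prod"}, "port": 5432},
]


def selector_matches(selector: dict, tags: dict) -> bool:
    """Every key/value in the selector must be present in the workload's tags."""
    return all(tags.get(k) == v for k, v in selector.items())


def authorize(src_identity: dict, dst_identity: dict, port: int) -> Tuple[bool, str]:
    """Decide a connection request from the two presented identities.

    Both identities must verify, then some rule must match both tag sets and
    the port. Anything else is denied (default deny).
    """
    src = verify_identity(src_identity)
    if src is None:
        return False, "deny: source identity failed verification"
    dst = verify_identity(dst_identity)
    if dst is None:
        return False, "deny: destination identity failed verification"
    for rule in POLICY:
        if (rule["port"] == port
                and selector_matches(rule["src"], src)
                and selector_matches(rule["dst"], dst)):
            return True, "allow: rule " + rule["name"]
    return False, "deny: no rule authorizes this flow"


def flow_record(src_ip: str, dst_ip: str, port: int, src_identity: dict, dst_identity: dict) -> dict:
    """Visibility: the flow log carries the verified identity next to the raw IPs."""
    allowed, reason = authorize(src_identity, dst_identity, port)
    return {
        "src_ip": src_ip, "dst_ip": dst_ip, "port": port,
        "src": verify_identity(src_identity) or "unverified",
        "dst": verify_identity(dst_identity) or "unverified",
        "action": "allow" if allowed else "deny", "reason": reason,
    }


# Constructed workloads, tagged the way cloud and Kubernetes metadata would supply them.
WEB = issue_identity({"cloud": "aws", "account": "111111111111", "k8s_ns": "frontend", "app": "web", "env": "prod"})
API = issue_identity({"cloud": "aws", "account": "111111111111", "k8s_ns": "backend", "app": "api", "env": "prod"})
DB = issue_identity({"cloud": "gcp", "project": "demo-prod", "app": "db", "env": "prod"})
SCRATCH = issue_identity({"cloud": "aws", "account": "111111111111", "k8s_ns": "scratch", "app": "scratch", "env": "dev"})

# A dev workload that rewrites its own tags to claim "app: web, env: prod" while
# reusing its original signature. Verification fails, so policy is never consulted.
FORGED = {"tags": {**SCRATCH["tags"], "app": "web", "env": "prod"}, "sig": SCRATCH["sig"]}

if __name__ == "__main__":
    # The same source IP yields three different decisions depending on identity.
    print(flow_record("10.0.1.5", "10.0.2.9", 443, WEB, API))      # allow
    print(flow_record("10.0.1.5", "10.0.2.9", 443, SCRATCH, API))  # deny: verified but not authorized
    print(flow_record("10.0.1.5", "10.0.2.9", 443, FORGED, API))   # deny: identity failed verification
```

The three calls at the bottom use an identical source address to make the point of the section concrete: the decision never reads `src_ip`, so a legitimate web workload, an unauthorized dev workload and a forged identity on the same address are distinguished purely by what they can prove about themselves.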