Enterprise-ready, FIPS-compliant Istio ambient mode is now available to enterprise customers through Tetrate to reduce service mesh cost and simplify management without compromising security.
SAN FRANCISCO, April 10, 2025 -- Tetrate, the company bringing Istio and Envoy to the enterprise, is the first to offer a FIPS-validated (Federal Information Processing Standards) image of Istio ambient mode. Tetrate developed the enterprise-ready image under a Small Business Innovation and Research contract with the U.S. Air Force (USAF). For the first time, Istio users can deploy a service mesh architecture with sidecars, in ambient mode, or in application libraries and still meet security and performance requirements, knowing that their images are FIPS validated.
Istio is an open source service mesh used by IT teams to build cloud-native workloads securely and reliably. Istio ambient mode is an alternative deployment architecture that eliminates the need for sidecar proxies, reducing resource overhead, simplifying management and scaling service meshes more efficiently.
The Istio open source community made Istio ambient mode generally available in early November 2024. Tetrate quickly worked with the USAF Platform One to modify, document and test a build of Istio ambient mode to achieve Federal Information Processing Standard (FIPS) compliance.
FIPS standards are used by government agencies, contractors and vendors to ensure that their systems and products meet the government's security and interoperability requirements. They are also used by private sector organizations that want to ensure the security and interoperability of their systems and products, especially if they work with the government.
"Tetrate today delivers the first FIPS-validated ambient mode image of Istio service mesh to the U.S. Air Force and simultaneously became the first-to-market with the solution for commercial enterprises as well," said Varun Talwar, co-founder of Tetrate. "Now the USAF and our enterprise customers can use the service mesh architecture of their choice – with sidecars, in ambient mode, or in application libraries – and meet their security and performance needs with full assurance that their images are FIPS validated and supported by Tetrate. This is an important milestone, and we celebrate with the USAF as well as with Tetrate customers and the Istio community, who are the beneficiaries of the rapid and continuous innovation our partnership with USAF has inspired."
Tetrate enhances USAF Platform One with ambient mode
Tetrate is the go-to service mesh provider for the U.S. Air Force (USAF) Enterprise DevSecOps platform, Platform One, delivering critical security enhancements and continuous compliance for national defense-related needs. In early September 2024, Tetrate announced its selection by AFWERX for U.S. government contracts exceeding $3 million for two new cybersecurity projects for the USAF. The first contract called for Tetrate to implement ambient mode optimization using open source Istio.
USAF selected Tetrate to bring ambient mode into USAF communications networks to provide a more resilient communicative framework in warfare environments and drastically reduce communication vulnerability to sophisticated adversaries. With ambient mode, Tetrate enables seamless node-to-node communication that extends operational reach and ensures continuity of command and control, even when conventional networks fail. By running ambient mode alongside a traditional sidecar proxy mesh, the USAF can optimize resource utilization based on security risk profile, thereby improving Platform One's underlying infrastructure efficiency.
Tetrate is the leading authority on security for cloud-native applications
Tetrate has been a leading collaborator with NIST in defining security standards for cloud-native applications, including Special Publication (SP) 800-207 series on the groundwork for Zero Trust and SP 800-204 series on security strategies for microservices-based applications.
Most recently, Tetrate collaborated with NIST on two topics: SP 800-233, Guidance on the Use of Service Mesh Proxy Models for Cloud-Native Applications, and SP 800-228, Guidelines for API Protection for Cloud-Native Systems. Both are now available for public review. The former offers guidance on the security implications of alternate service mesh proxy models, such as ambient mode. The latter addresses secure deployment of APIs, which is critical for overall enterprise security. Read more about the four service mesh proxy models and their risk implications here.
About Platform One
Platform One is the U.S. military's software delivery engine. As a pioneering Department of the Air Force organization, Platform One provides open source tools and enterprise solutions for teams to build, deploy and secure better software at scale. Since 2018, Platform One has helped military organizations move faster and reduce the costs to create, integrate and launch better software. Platform One supports both the teams buying technology and the warfighters using it, working with the Department of the Air Force and the larger Department of Defense to make modern software development easier, faster and more effective.
About AFWERX
As the innovation arm of the DAF and a directorate within the Air Force Research Laboratory, AFWERX brings cutting-edge American ingenuity from small businesses and start-ups to address the most pressing challenges of the DAF. AFWERX employs approximately 370 military, civilian and contractor personnel at five hubs and sites executing an annual $1.4 billion budget. Since 2019, AFWERX has executed over 6,100 new contracts worth more than $4 billion to strengthen the U.S. defense industrial base and drive faster technology transition to operational capability. For more information, visit: http://www.afwerx.com.
The views expressed are those of the author and do not necessarily reflect the official policy or position of the Department of the Air Force, the Department of Defense, or the U.S. government.
About Tetrate
Tetrate delivers high availability and zero-trust security across hybrid environments while removing infrastructure and application development toil. We provide dynamic gateways that autonomously orchestrate traffic for regulated workloads with the battle-tested Envoy proxy.
Tetrate's product suite includes the Agent Operations Director for GenAI ROI and risk governance, Application Gateway for multi-cluster Kubernetes ingress traffic management and Service Bridge for enterprise-wide service mesh. Tetrate also provides enterprise support and tooling for Istio and Envoy Gateway. These solutions enable enterprises to seamlessly discover, connect, secure and optimize their microservices regardless of their infrastructure or regulatory complexity.
MEDIA CONTACTS
Cristin Connelly
Cathey.co for Tetrate
cristin@cathey.co