Applications are made up of a large number of instructions and data. Instructions operate on data which is fetched in a cache and memory and is always unencrypted. Scaled-out, distributed applications are made up of a large number of application instances. These application instances have their own data in the cache and memory of the processor on which these applications run. A large number of such application instances communicate with each other and process data in parallel to create an aggregate output.
These types of scaled-out applications are extremely vulnerable to application breaches, data thefts from cache and memory by scraping, and other methods of illicitly obtaining data from the applications, cache, and/or memory. In data centers which cater to important applications and data types, such as Personally Identifiable Information (PII), Payment Card Industry (PCI) data, medical information that falls under Health Insurance Portability and Accountability Act (HIPAA), military and Government critical tasks, any application and/or data breach is very destructive and expensive to contain and/or resolve. Therefore, it is beneficial to attempt to prevent such breaches.
Typically, application security in data centers is attempted by applying policies and rules at various levels using security appliances installed in the data center. However, in spite of providing layers of security appliances to create a security perimeter around the data center, malware and malicious software still enters inside the servers in the data center to steal data and attack applications.
In most cases of data breaches, data and application instances that utilize flows in the East-West (E-W) direction, i.e., communication between servers and application instances inside of the data center, are attacked. This is different from North-South (N-S) flows which are protected by conventional data security appliances. Since the edge of the data center where all the servers are connected is considered the safest place, many times, applications communicate with each other in clear data without protecting the data. A huge amount of data is shared across applications and application tiers in the E-W direction within the data center.