We are truly excited to release Kong Mesh 1.2 today and introduce three new security capabilities that make it the most secure enterprise service mesh available today.
Kong Mesh is built on open source Kuma [which Kong created](https://konghq.com/blog/introducing-kuma-universal-service-mesh)which Kong created in 2019 and has since [donated it to the CNCF](https://konghq.com/blog/kuma-0-6-0-released-with-hybrid-universal-support-for-service-mesh)donated it to the CNCF. Kuma is a universal control plane for service mesh that is based on Envoy. Its breakthrough architecture was developed to solve real-world customer issues, enabling it to run across multiple clusters, in every cloud and every application runtime.
We think of Kuma as an extensible and flexible [service connectivity overlay](https://konghq.com/blog/multi-cluster-multi-cloud-service-meshes-with-cncfs-kuma-and-envoy)service connectivity overlay that discovers and connects services automatically, including over hybrid Kubernetes and VM services.
By leveraging this unique design, Kong Mesh 1.2 brings the following unprecedented out-of-the-box security to our customers' services:
Kong Mesh 1.2 is the first and only service mesh that is natively integrated with [Open Policy Agent (OPA)](https://www.cncf.io/announcements/2021/02/04/cloud-native-computing-foundation-announces-open-policy-agent-graduation)Open Policy Agent (OPA) as a first-class citizen, now a graduated CNCF project. This makes Kong Mesh the easiest product in the entire industry to deploy OPA across every application in our organization. For developers, this is like service mesh security nirvana!
"Open Policy Agent solves authorization problems across the cloud native stack, including microservice API protection, Kubernetes admission control, CICD pipelines, public cloud configuration and database query access controls," said Tim Hinrichs, CTO of Styra and co-creator of OPA. "OPA is especially well-suited for microservice API authorization because it provides extremely fast, context-aware authorization decisions using policies that are decoupled from the microservice itself — so security, compliance, operations and dev teams can collaborate to implement, review and update policies without changing underlying services or application code."
Historically, Kong Mesh has leveraged Kuma’s multi-zone support to enable distributed service mesh use cases. These distributed service meshes are typically clusters that exist between on-premises data center environments, cloud providers, VPCs or even separation based on workload runtime (like Kubernetes or VM).
With Kong Mesh 1.2, we’re enhancing that multi-zone functionality by providing an enterprise authentication mechanism between the global and remote control planes. This functionality extends the KDS (Kuma Discovery Service, the xDS-based API that connects the global and the remote control planes together) to support additional authentication capabilities within the architecture and enables enterprise teams to support global use cases while improving the security footprint within the service mesh control plane.
As the service mesh design pattern grows in adoption within workload environments, there’s a growing focus on compliance for the underlying service mesh platform. For Envoy-based service meshes, this compliance with the Federal Information Processing Standard (FIPS) has been challenging to achieve. Today, we are happy to announce that Kong Mesh ships with FIPS 140-2 compliance out of the box on every official distribution, including Kubernetes and VMs.
The inclusion of FIPS 140-2 compliance out of the box, as well as automated third-party Certificate Authority support (through HashiCorp Vault), Traffic Permission policies and native Open Policy Agent support establish a foundation of zero-trust within an organization's service connectivity platform.
These capabilities make Kong Mesh the easiest way to accelerate day-0 security compliance across the entire organization - preventing breaches and data loss, as well as increasing the security posture of the organization as a whole.
"Honestly, I am not sure how we ran our day to day without Kong Mesh before," said Aaron Weikle, CEO and founder of [MS3](https://www.ms3-inc.com)MS3. "We used to use MuleSoft to drive MS3's day-to-day business, but we were constantly battling issues with observability when customers would send in dirty data as well as understanding where issues arise or where delays would occur. In addition, the concept of zero-trust wasn’t possible with MuleSoft, and Crypto Miners at one point were able to gain access to our API platform. With Kong and Kong Mesh, we have established a tight-knit zero-trust platform with certificate rotation that makes it nearly impossible to penetrate and keeps our business and services running smoothly, saving a ton of operation dollars chasing issues that before we just couldn’t pinpoint."
Technology teams know that a security breach is only one-click away and can happen to anyone, instantly wrecking an organization's reputation and putting customers, partners and staff at risk. The new release of Kong Mesh fundamentally changes the way service mesh is secured and eliminates the drudgery typically associated with advanced security and zero-trust models.
To learn more about Kong Mesh 1.2 and our [Kong Konnect](https://konghq.com/kong-konnect)Kong Konnect platform, schedule a demo today!
Kong Mesh 2.13 delivers full support for Mesh Identity for Kubernetes and Universal mode. Plus, it's been designated as a Long Term Support release, with support for a total of 2 years. But first, what's Kong Mesh for the uninitiated? Built on top
[](https://konghq.com/blog/product-releases/kong-mesh-2-13)
As cybersecurity takes the main stage, organizations face a significant challenge: how do you strike a balance between maintaining a high level of security and ensuring employees have enough data access to perform their jobs properly? Role-based ac
[](https://konghq.com/blog/learning-center/what-is-rbac)
Ensuring secure access to applications and APIs is critical. As organizations increasingly adopt microservices architectures and cloud native solutions, the need for robust, fine-grained access control mechanisms becomes paramount. This is where the
[](https://konghq.com/blog/engineering/secure-access-control-with-opa-and-kong)
In the modern IT stack, API gateways act as the first line of defense against attacks on backend services by enforcing authentication/authorization policies and validating and transforming requests. When backend services are protected with a token-b
[](https://konghq.com/blog/engineering/zero-trust-oauth-2-0-mtls-client-authentication)
With digital transformation shifting networks into the cloud — from remote workforces to online banking — cyberattacks are growing more prevalent and sophisticated. Legacy security models like VPNs and perimeter-based firewalls are proving inadequat
[](https://konghq.com/blog/engineering/microsegmentation-and-zero-trust-security)
With its flexible querying capabilities, GraphQL makes it easy to combine data from multiple sources into a single endpoint. GraphQL and API management go hand in hand to build next-generation API platforms. However, GraphQL's features can als
[](https://konghq.com/blog/engineering/graphql-security-vulnerabilities)
Application programming interfaces (APIs) allow software to communicate and share data. But how can those APIs confirm the identity of the clients theyre communicating with? API keys are one solution. API keys are unique codes for authenticating and
[](https://konghq.com/blog/learning-center/what-are-api-keys)