Build a Secure Developer Platform Using Argo, Istio and Vault

Transcript

1. Build a Secure Developer Platform Using Argo, Istio and Vault

   Jona Apelbaum & Alessandro Vozza

2. 2 | Copyright © 2022 Field Engineer Solo.io Placeholder Slide

   Title Jona Apelbaum Platform Advocate Solo.io Alessandro Vozza

3. 3 | Copyright © 2022

4. 4 | Copyright © 2022 01 02 03 04 05

   06 Developer Portals Pimp your IdP with Service Mesh Multi-{tenant|cluster|cloud} Automate everything w/ GitOps + Demo Secure your workloads + Demo Wrap up Agenda Slide – 6 Items

5. 5 | Copyright © 2022 Solo.io - Pick the right

   Cloud-Native building blocks Well Funded ($135M), $1B Valuation Satisfied Customers (135% Renewals) Cloud-native Technology Leadership Cloud-native Education Leadership Unified Platform for API Gateway | Multi-Cloud | Zero-Trust | Observability

6. 6 | Copyright © 2022 1. What is a Developer

   Portal?

7. 7 | Copyright © 2022 Internal Developer Platforms Developers -first

   experience IdPs are interfaces to backend services, catalogs and utilities for developers

8. 8 | Copyright © 2022 - Self service - Comprehensive

   - Best practices - Platform Engineering team - Secure - Automated discovery IdPs for all

9. 9 | Copyright © 2022 SRE, Platform, DevOps? SRE practices

   Platform Engineering DevOps culture DevOps SRE Platform Engineering

10. 10 | Copyright © 2022 2. Service Mesh and IdPs

11. 11 | Copyright © 2022 Service Mesh in 2 minutes

12. 12 | Copyright © 2022

13. 13 | Copyright © 2022 3. Multi-{tenant|cluster|cloud}

14. 14 | Copyright © 2022 Multi-everything

15. 15 | Copyright © 2022 Multicluster Istio

16. 16 | Copyright © 2022 Multicluster Istio

17. 17 | Copyright © 2022 N/S vs E/W traffic

18. 18 | Copyright © 2022 4. Automate everything w/ GitOps

19. 19 | Copyright © 2022 GitOps in 2 minutes

20. 20 | Copyright © 2022 How do we do GitOps

    https://akuity.io/

21. 21 | Copyright © 2022 Demo 1: Multicluster canary

22. 22 | Copyright © 2022 Intermezzo: what’s going on?

23. 23 | Copyright © 2022 5. Securing your workloads

24. 24 | Copyright © 2022 Traditional Security - Edge Security

    DC / On-Prem X DMZ

25. 25 | Copyright © 2022 Traditional Security - Edge Security

    DC / On-Prem X Privileged user

26. 26 | Copyright © 2022 Traditional Security - Edge Security

    DC / On-Prem X Privileged user Phishing victim

27. 27 | Copyright © 2022 Traditional Security - Edge Security

    DC / On-Prem Privileged user Phishing victim Access unlocked!

28. 28 | Copyright © 2022 Moving to Microservices • Increased

    complexity • Increased # attack surfaces • More vulnerable

29. 29 | Copyright © 2022 What is Zero Trust •

    Zero Trust (ZT) is a set of security principles that treats every component, service and user of a system continuously exposed to and potentially compromised by a malicious adversary • Zero Trust Architecture (ZTA) is an enterprise’s cybersecurity plan that utilises ZT concepts and encompasses component relationships, workflow planning, and access policies • Zero Trust Enterprise (ZTE) is the network infrastructure and operational policies that are in place for an enterprise as a product of zero trust architecture plan

30. 30 | Copyright © 2022 Principles of Zero Trust •

    Assume no implicit or explicit trusted zone in network • Identity verification strictly enforced for all connections • Access Control strictly enforced for communication between apps and servers • Risk profiles, generated in realtime are used in resource access control • All sensitive data is encrypted both in transit and at rest • All events are continuously monitored, collected, stored and analysed to assess compliance with security policies • Policy management and distribution is centralised https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity

31. 31 | Copyright © 2022

32. 32 | Copyright © 2022 Secretless workloads with Vault

33. 33 | Copyright © 2022 Demo 2: Secretless workloads

34. 34 | Copyright © 2022 6. Wrap up What did

    we learn?

35. 35 | Copyright © 2022 35 | Copyright © 2022

    https://academy.solo.io

36. Thank You!