Build a Secure Developer Platform Using Argo, Istio and Vault

Alessandro Vozza

May 25, 2023

Transcript

  1. 2 | Copyright © 2022

    Field Engineer, Solo.io: Jona Apelbaum. Platform Advocate, Solo.io: Alessandro Vozza.
  2. 4 | Agenda

    - 01 Developer Portals
    - 02 Pimp your IdP with Service Mesh
    - 03 Multi-{tenant|cluster|cloud}
    - 04 Automate everything w/ GitOps + Demo
    - 05 Secure your workloads + Demo
    - 06 Wrap up
  3. 5 | Solo.io - Pick the right Cloud-Native building blocks

    - Well Funded ($135M), $1B Valuation
    - Satisfied Customers (135% Renewals)
    - Cloud-native Technology Leadership
    - Cloud-native Education Leadership
    - Unified Platform for API Gateway | Multi-Cloud | Zero-Trust | Observability
  4. 7 | Internal Developer Platforms

    Developers-first experience. IdPs are interfaces to backend services, catalogs and utilities for developers.
  5. 8 | IdPs for all

    - Self service
    - Comprehensive
    - Best practices
    - Platform Engineering team
    - Secure
    - Automated discovery
  6. 9 | SRE, Platform, DevOps?

    SRE practices; Platform Engineering; DevOps culture; DevOps; SRE; Platform Engineering
  7. 26 | Traditional Security - Edge Security

    DC / On-Prem; X; Privileged user; Phishing victim
  8. 27 | Traditional Security - Edge Security

    DC / On-Prem; Privileged user; Phishing victim; Access unlocked!
  9. 28 | Moving to Microservices

    • Increased complexity
    • Increased # attack surfaces
    • More vulnerable
  10. 29 | What is Zero Trust

    • Zero Trust (ZT) is a set of security principles that treats every component, service and user of a system as continuously exposed to and potentially compromised by a malicious adversary
    • Zero Trust Architecture (ZTA) is an enterprise’s cybersecurity plan that utilises ZT concepts and encompasses component relationships, workflow planning, and access policies
    • Zero Trust Enterprise (ZTE) is the network infrastructure and operational policies that are in place for an enterprise as a product of a zero trust architecture plan
  11. 30 | Principles of Zero Trust

    • Assume no implicit or explicit trusted zone in the network
    • Identity verification is strictly enforced for all connections
    • Access control is strictly enforced for communication between apps and servers
    • Risk profiles, generated in real time, are used in resource access control
    • All sensitive data is encrypted both in transit and at rest
    • All events are continuously monitored, collected, stored and analysed to assess compliance with security policies
    • Policy management and distribution is centralised

    https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity