Traditional approaches to networking and security no longer work. Applications are adopting microservices patterns and organizations are embracing public clouds, which add new challenges to operating and securing our networks. The network perimeter used to be the best and last line of defense, but high-profile compromises keep happening. Zero-trust networking is the idea of treating the private network like the public Internet: untrusted and adversarial. In this talk, we cover what zero-trust networking means, why it matters for most organizations, and how it can be implemented using Consul.
Consul is a service mesh that focuses on service discovery, service configuration, and service segmentation. Segmentation is done using a "zero trust" approach, meaning we don't depend on trusted networks or IP addresses. Applications are issued TLS certificates that give them a strong cryptographic identity, using the SPIFFE standard. Mutual TLS is used to ensure that application identity is verified and all traffic is encrypted over the wire. Applications are integrated either using transparent sidecars or with a native SDK.
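To make the identity-based segmentation above concrete, here is an added sketch (not Consul's code and not from the talk) of an authorization decision taken from the SPIFFE URI SAN of an already-verified peer certificate, with default deny and no reference to the peer's IP address. The trust domain, the path layout, the allow list and the helper names are constructed assumptions.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"net/url"
)

// Assumption: constructed sample trust domain, not taken from the page.
const trustDomain = "example-cluster.consul"

// spiffeID returns the SPIFFE URI SAN of a peer certificate whose chain mutual TLS has already verified.
func spiffeID(cert *x509.Certificate) (*url.URL, error) {
	if len(cert.URIs) != 1 { // an X.509 SVID carries exactly one URI SAN
		return nil, errors.New("expected exactly one URI SAN")
	}
	id := cert.URIs[0]
	if id.Scheme != "spiffe" || id.Host != trustDomain || id.Path == "" {
		return nil, fmt.Errorf("not a SPIFFE ID in our trust domain: %s", id)
	}
	return id, nil
}

// allowed lists which source identity may reach which destination service.
// Anything absent is denied (default deny). Constructed sample data.
var allowed = map[string]map[string]bool{
	"/ns/default/dc/dc1/svc/web": {"api": true},
}

// authorize decides on certificate identity alone; the remote address is never consulted.
func authorize(peer *x509.Certificate, destination string) bool {
	id, err := spiffeID(peer)
	if err != nil {
		return false
	}
	return allowed[id.Path][destination]
}

// certFor builds a stand-in for a verified peer certificate (hypothetical helper for the demo).
func certFor(raw string) *x509.Certificate {
	u, _ := url.Parse(raw)
	return &x509.Certificate{URIs: []*url.URL{u}}
}

func main() {
	web := certFor("spiffe://" + trustDomain + "/ns/default/dc/dc1/svc/web")
	fmt.Println(authorize(web, "api"), authorize(web, "db")) // true false
}
```

In a real server the certificate would come from the TLS connection state after the handshake has validated it against the mesh CA; the check here only runs on identities that have passed that step.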