Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Zero Trust in a Cloud-Native Enterprise

Daniel Kocot
PRO
January 19, 2021
Technology
0
71

Zero Trust in a Cloud-Native Enterprise

Daniel Kocot
PRO

January 19, 2021
Tweet

More Decks by Daniel Kocot

See All by Daniel Kocot
API Thinking
danielkocot
PRO
0
19
The intersection of AI and API Development
danielkocot
PRO
0
16
Unlocking collaboration with Internal Developer Portals and Marketplaces - Democratizing API Access
danielkocot
PRO
0
10
leveraging_prompt_engineering_for_effective_openapi_descriptions_of_apis.pdf
danielkocot
PRO
0
15
API Development: Evolving Prospects and Future Outlook
danielkocot
PRO
0
46
Adopting AsyncAPI in enterprisey contexts
danielkocot
PRO
0
58
On the path to evolutionary architecture with APIs
danielkocot
PRO
0
96
Developer Journey or how to describe Platform Engineering better
danielkocot
PRO
0
60
The fairytales about API deployments
danielkocot
PRO
0
110

Other Decks in Technology

See All in Technology
プロンプトエンジニアリングでがんばらない-Agentic Workflow へ-近藤憲児
kenjikondobai
2
470
Databricks における 『MLOps』
databricksjapan
2
170
Reducing Cross-Zone Egress at Spotify with Custom gRPC Load Balancing Recap
koh_naga
0
200
MySQL の SQL クエリチューニングの要所を掴む勉強会
andpad
2
6.3k
長期間TiDBを使ってきた話 @ 私たちはなぜNewSQLを使うのかTiDB選定5社が語る選定理由と活用LT / Experiences with TiDB Over Time
chibiegg
2
890
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
4
910
反実仮想機械学習とは何か
usaito
PRO
11
4.6k
Postman v10リリース後を振り返る / Looking back at Postman v10 after release
yokawasa
1
160
サーバー間 GraphQL と webmock-graphql の話 / server-to-server graphql and webmock-graphql
qsona
2
190
家族アルバム みてねにおけるGrafana活用術 / Grafana Meetup Japan Vol.1 LT
isaoshimizu
1
680
JAWS-UG Bedrock Claude Night
yamahiro
3
590
開発パフォーマンスを最大化するための開発体制
ham0215
2
390

Featured

See All Featured
GraphQLとの向き合い方2022年版
quramy
32
12k
Thoughts on Productivity
jonyablonski
58
3.8k
Code Reviewing Like a Champion
maltzj
514
39k
GitHub's CSS Performance
jonrohan
1025
450k
Product Roadmaps are Hard
iamctodd
44
9.7k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
322
20k
Being A Developer After 40
akosma
57
580k
StorybookのUI Testing Handbookを読んだ
zakiyama
13
4.6k
RailsConf 2023
tenderlove
4
540
Web Components: a chance to create the future
zenorocha
305
41k
Faster Mobile Websites
deanohume
299
30k
Build your cross-platform service in a week with App Engine
jlugia
225
17k

Transcript

  1. Zero Trust in Cloud Native Enterprises

  2. API Expert / Senior Solutions Architect

  3. 2014

  4. Beyond Corp “A new approach to Enterprise Security”

  5. 2019

  6. BeyondProd “A new approach to cloud-native security”

  7. Foundational pillars of Zero Trust Service Identity DevSecOps Policy Management

    GitOps Service Mesh

  8. GitOps

  9. GitOps - Maintenance of the preferred state of your system

    in a Git repository - Git as the “single source of truth” - immutable infrastructure => Infrastructure as Code - immutable containers => Docker - declarative container orchestration => Kubernetes

  10. DevSecOps

  11. DevSecOps - A zero-trust mindset is needed for all aspects

    of the software development lifecycle - A security team should be part of the engineering team - Scanning during development - Assuming defence in depth for read/write access across environments - Hardening of containers - Secure deployment of containers into Kubernetes

  12. Service Mesh

  13. Service Mesh - Embed zero trust deeply into the Virtual

    Machine or the container - Sidecar pattern

  14. Service Identity

  15. Service Identity - Trust no container - A container requires

    a service identity with rotating credentials - The service identity is tied to authorized code from a trusted source repository

  16. Policy Management

  17. Policy Management - Policy Management infrastructure is fundamental - manage

    whitelists, attribute level access controls - automation and real-time auditing of each service identity - network identity and certificate policy

  18. Roadmap to Zero Trust

  19. Disclaimer Working in a greenfield environment, an enterprise would find

    themselves at different levels of maturity to get them to a zero trust cloud-native architecture.

  20. Adopt a declarative approach to how code is pushed

  21. Security operations cannot operate in a silo

  22. Learning the complexities of managing and securing Kubernetes

  23. Control traffic, security, permissions, and observability with a Service Mesh

  24. Using certificate-based mTLS (mutual transport layer security)