Slide 1

Slide 1 text

Designing Zero Trust Systems
Damjan Gjurovski, CTO of Posedio
Cloud Native Meetup Linz, 25.02.2025

Slide 2

Slide 2 text

Do it RIGHT. Hello
• Head of Technology of Posedio
• Work on Software/Data/Platform Engineering
• Largest online transaction processing engine in AT
• Largest GCP developer platform in AT
• Enjoys building secure systems
• How can we build secure systems?

Slide 3

Slide 3 text

01 Security, the old way

Slide 4

Slide 4 text

The good old days

Slide 5

Slide 5 text

Becoming useful

Slide 6

Slide 6 text

What about a nice frontend?

Slide 7

Slide 7 text

Admin access needed

Slide 8

Slide 8 text

Load balancing to the rescue

Slide 9

Slide 9 text

Who can access our services

Slide 10

Slide 10 text

Let’s keep things private

Slide 11

Slide 11 text

The crown jewels

Slide 12

Slide 12 text

Compartmentalisation is the solution

Slide 13

Slide 13 text

Or is it?

Slide 14

Slide 14 text

02 What is security?

Slide 15

Slide 15 text

The glossary: CIA triad

Slide 16

Slide 16 text

The glossary: Triple A

Slide 17

Slide 17 text

The glossary: Root of trust

Slide 18

Slide 18 text

The glossary: Identity

Slide 19

Slide 19 text

03 How can we secure our systems

Slide 20

Slide 20 text

IdP - Keycloak

Slide 21

Slide 21 text

Workload Identity – SPIFFE/SPIRE

Slide 22

Slide 22 text

Policy - OPA

Slide 23

Slide 23 text

Permissions - SpiceDB

Slide 24

Slide 24 text

Secrets - Vault

Slide 25

Slide 25 text

mTLS - Istio

Slide 26

Slide 26 text

Image scanning - Trivy

Slide 27

Slide 27 text

Image signing – cosign (honourable mention – Chainguard)

Slide 28

Slide 28 text

Threat detection - Falco

Slide 29

Slide 29 text

The Application

Slide 30

Slide 30 text

The Platform

Slide 31

Slide 31 text

THANK YOU!
CONTACT US: Weyringergasse 1-3/DG, 1040 Wien, www.posedio.com, [email protected]