Build a Secure Developer Platform Using Argo, Istio and Vault Jona Apelbaum & Alessandro Vozza

2 | Copyright © 2022 Field Engineer Solo.io Placeholder Slide Title Jona Apelbaum Platform Advocate Solo.io Alessandro Vozza

3 | Copyright © 2022

4 | Copyright © 2022 01 02 03 04 05 06 Developer Portals Pimp your IdP with Service Mesh Multi-{tenant|cluster|cloud} Automate everything w/ GitOps + Demo Secure your workloads + Demo Wrap up Agenda Slide – 6 Items

5 | Copyright © 2022 Solo.io - Pick the right Cloud-Native building blocks Well Funded ($135M), $1B Valuation Satisfied Customers (135% Renewals) Cloud-native Technology Leadership Cloud-native Education Leadership Unified Platform for API Gateway | Multi-Cloud | Zero-Trust | Observability

6 | Copyright © 2022 1. What is a Developer Portal?

7 | Copyright © 2022 Internal Developer Platforms Developers -first experience IdPs are interfaces to backend services, catalogs and utilities for developers

8 | Copyright © 2022 - Self service - Comprehensive - Best practices - Platform Engineering team - Secure - Automated discovery IdPs for all

9 | Copyright © 2022 SRE, Platform, DevOps? SRE practices Platform Engineering DevOps culture DevOps SRE Platform Engineering

10 | Copyright © 2022 2. Service Mesh and IdPs

11 | Copyright © 2022 Service Mesh in 2 minutes

12 | Copyright © 2022

13 | Copyright © 2022 3. Multi-{tenant|cluster|cloud}

14 | Copyright © 2022 Multi-everything

15 | Copyright © 2022 Multicluster Istio

16 | Copyright © 2022 Multicluster Istio

17 | Copyright © 2022 N/S vs E/W traffic

18 | Copyright © 2022 4. Automate everything w/ GitOps

19 | Copyright © 2022 GitOps in 2 minutes

20 | Copyright © 2022 How do we do GitOps https://akuity.io/

21 | Copyright © 2022 Demo 1: Multicluster canary

22 | Copyright © 2022 Intermezzo: what’s going on?

23 | Copyright © 2022 5. Securing your workloads

24 | Copyright © 2022 Traditional Security - Edge Security DC / On-Prem X DMZ

25 | Copyright © 2022 Traditional Security - Edge Security DC / On-Prem X Privileged user

26 | Copyright © 2022 Traditional Security - Edge Security DC / On-Prem X Privileged user Phishing victim

27 | Copyright © 2022 Traditional Security - Edge Security DC / On-Prem Privileged user Phishing victim Access unlocked!

28 | Copyright © 2022 Moving to Microservices ● Increased complexity ● Increased # attack surfaces ● More vulnerable

29 | Copyright © 2022 What is Zero Trust • Zero Trust (ZT) is a set of security principles that treats every component, service and user of a system continuously exposed to and potentially compromised by a malicious adversary • Zero Trust Architecture (ZTA) is an enterprise’s cybersecurity plan that utilises ZT concepts and encompasses component relationships, workflow planning, and access policies • Zero Trust Enterprise (ZTE) is the network infrastructure and operational policies that are in place for an enterprise as a product of zero trust architecture plan

30 | Copyright © 2022 Principles of Zero Trust • Assume no implicit or explicit trusted zone in network • Identity verification strictly enforced for all connections • Access Control strictly enforced for communication between apps and servers • Risk profiles, generated in realtime are used in resource access control • All sensitive data is encrypted both in transit and at rest • All events are continuously monitored, collected, stored and analysed to assess compliance with security policies • Policy management and distribution is centralised https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity

31 | Copyright © 2022

32 | Copyright © 2022 Secretless workloads with Vault

33 | Copyright © 2022 Demo 2: Secretless workloads

34 | Copyright © 2022 6. Wrap up What did we learn?

35 | Copyright © 2022 35 | Copyright © 2022 https://academy.solo.io

Thank You!