Designing Zero Trust Systems

Transcript

1. Designing Zero Trust Systems Damjan Gjurovski, CTO of Posedio Cloud

   Native Meetup Linz 25.02.2025

2. Do it RIGHT. Hello 2 • Head of Technology of

   Posedio • Work on Software/Data/Platform Engineering • Largest online transaction processing engine in AT • Largest GCP developer platform in AT • Enjoys building secure systems • How can we build secure systems?

3. Do it RIGHT. Security, the old way 01

4. Do it RIGHT. The good old days 4

5. Do it RIGHT. Becoming useful 5

6. Do it RIGHT. What about a nice frontend? 6

7. Do it RIGHT. Admin access needed 7

8. Do it RIGHT. Load balancing to the rescue 8

9. Do it RIGHT. Who can access our services 9

10. Do it RIGHT. Let’s keep things private 10

11. Do it RIGHT. The crown jewels 11

12. Do it RIGHT. Compartmentalisation is the solution 12

13. Do it RIGHT. Or is it? 13

14. Do it RIGHT. What is security? 02

15. Do it RIGHT. The glossary 15 CIA triad

16. Do it RIGHT. The glossary 16 Triple A

17. Do it RIGHT. The glossary 17 Root of trust

18. Do it RIGHT. The glossary 18 Identity

19. Do it RIGHT. How can we secure our systems 03

20. Do it RIGHT. IdP - Keycloak 20

21. Do it RIGHT. Workload Identity – SPIFFIE/SPIRE 21

22. Do it RIGHT. Policy - OPA 22

23. Do it RIGHT. Permissions - SpiceDB 23

24. Do it RIGHT. Secrets - Vault 24

25. Do it RIGHT. mTLS - ISTIO 25

26. Do it RIGHT. Image scanning - Trivy 26

27. Do it RIGHT. Image signing – cosign (honourable mention –

    chainguard) 27

28. Do it RIGHT. Threat detection - Falco 28

29. Do it RIGHT. The Application 29

30. Do it RIGHT. The Platform 30

31. Do it RIGHT. THANK YOU! CONTACT US: Weyringergasse 1-3/DG 1040

    Wien www.posedio.com office@posedio.com 31