Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Zero Trust in a Cloud-Native Enterprise

Daniel Kocot
PRO
January 19, 2021
Technology
0
75

Zero Trust in a Cloud-Native Enterprise

Daniel Kocot
PRO

January 19, 2021
Tweet

More Decks by Daniel Kocot

See All by Daniel Kocot
Navigating the Post OpenAPI Era
danielkocot
PRO
0
4
The Digital Product Passport
danielkocot
PRO
0
6
Establishing a Specification Framework for API Management Federation
danielkocot
PRO
0
3
API Sprawl In The Era Of Great Unbundling
danielkocot
PRO
0
26
API Development: Evolving Prospects and Future Outlook
danielkocot
PRO
0
75
API Thinking
danielkocot
PRO
0
50
The intersection of AI and API Development
danielkocot
PRO
0
19
Unlocking collaboration with Internal Developer Portals and Marketplaces - Democratizing API Access
danielkocot
PRO
0
22
leveraging_prompt_engineering_for_effective_openapi_descriptions_of_apis.pdf
danielkocot
PRO
0
24

Other Decks in Technology

See All in Technology
DMARC 対応の話 - MIXI CTO オフィスアワー #04
bbqallstars
1
120
SREの前に
nwiizo
11
2.6k
Team Dynamicsを目指すウイングアーク1stのQAチーム
sadonosake
1
200
ジョブマッチングサービスにおける相互推薦システムの応用事例と課題
hakubishin3
3
620
エンジニアが一生困らない ドキュメント作成の基本
naohiro_nakata
2
140
AWS パートナー企業でテクニカルサポートに従事して 3年経ったので思うところをまとめてみた
kazzpapa3
1
210
[FOSS4G 2024 Japan LT] LLMを使ってGISデータ解析を自動化したい!
nssv
1
170
ZOZOTOWNのホーム画面をパーソナライズすることの難しさと裏話を語る
f6wbl6
1
470
全社横断データ活用推進のコツと その負債とのつき合い方
masatoshi0205
0
160
SREによる隣接領域への越境とその先の信頼性
shonansurvivors
1
360
AIチャットボット開発への生成AI活用
ryomrt
0
120
株式会社島津製作所_研究開発(集団協業と知的生産)の現場を支える、OSS知識基盤システムの導入
akahane92
1
170

Featured

See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Building Applications with DynamoDB
mza
90
6.1k
GraphQLとの向き合い方2022年版
quramy
43
13k
The Invisible Side of Design
smashingmag
297
50k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Practical Orchestrator
shlominoach
186
10k
We Have a Design System, Now What?
morganepeng
50
7.2k
Ruby is Unlike a Banana
tanoku
96
11k
Making Projects Easy
brettharned
115
5.9k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
Automating Front-end Workflow
addyosmani
1366
200k

Transcript

  1. Zero Trust in Cloud Native Enterprises

  2. API Expert / Senior Solutions Architect

  3. 2014

  4. Beyond Corp “A new approach to Enterprise Security”

  5. 2019

  6. BeyondProd “A new approach to cloud-native security”

  7. Foundational pillars of Zero Trust Service Identity DevSecOps Policy Management

    GitOps Service Mesh

  8. GitOps

  9. GitOps - Maintenance of the preferred state of your system

    in a Git repository - Git as the “single source of truth” - immutable infrastructure => Infrastructure as Code - immutable containers => Docker - declarative container orchestration => Kubernetes

  10. DevSecOps

  11. DevSecOps - A zero-trust mindset is needed for all aspects

    of the software development lifecycle - A security team should be part of the engineering team - Scanning during development - Assuming defence in depth for read/write access across environments - Hardening of containers - Secure deployment of containers into Kubernetes

  12. Service Mesh

  13. Service Mesh - Embed zero trust deeply into the Virtual

    Machine or the container - Sidecar pattern

  14. Service Identity

  15. Service Identity - Trust no container - A container requires

    a service identity with rotating credentials - The service identity is tied to authorized code from a trusted source repository

  16. Policy Management

  17. Policy Management - Policy Management infrastructure is fundamental - manage

    whitelists, attribute level access controls - automation and real-time auditing of each service identity - network identity and certificate policy

  18. Roadmap to Zero Trust

  19. Disclaimer Working in a greenfield environment, an enterprise would find

    themselves at different levels of maturity to get them to a zero trust cloud-native architecture.

  20. Adopt a declarative approach to how code is pushed

  21. Security operations cannot operate in a silo

  22. Learning the complexities of managing and securing Kubernetes

  23. Control traffic, security, permissions, and observability with a Service Mesh

  24. Using certificate-based mTLS (mutual transport layer security)