The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.
With the prevalence of cloud-native technologies continually growing, and organisations increasingly adopting multi-cloud and hybrid architectures, it has never been more important to discuss the principles of Zero Trust. In order to fully apply the philosophy of ‘never trust, always verify’, we must build systems with a sound understanding of the adversaries who may wish to compromise our data, how such a compromise could occur, and how we can protect ourselves by implementing proportionate, layered security controls. The foundation on which we can construct this ‘secure by design’ approach is threat modeling. In this talk, we will: - introduce the fundamental concepts of threat modeling, and how they can be applied to systems made up of many distributed cloud-native workloads; - demonstrate a simple system built using Zero Trust principles, with workloads running on an Istio service mesh within a Kubernetes cluster; - show how cryptographically strong workload identities can be provided by a SPIRE server; - demonstrate how Istio External Authorization can delegate layer 7 authorization decisions to OPA sidecars; - build our threat model and introduce controls following the Zero Trust philosophy, including a demonstration of custom signing and verification of OPA bundles.
Dr. James Callaghan is a Principal Consultant at ControlPlane. He started off working as a Theoretical Physicist, but long nights of coding sparked an interest in how easy it can be for vulnerabilities to creep in, and thus a career in cyber security was born. James then spent a number... Read More →
