
Sponsored Lightning Talk: Securely Bridging Cloud-Native and Traditional Workloads with SPIRE

Authors: Daniel Feldman


Summary

SPIRE is a solution for securely bridging cloud-native and traditional workloads by establishing secure service identities across an organization, regardless of the platform they are running in.
  • Traditional perimeter-based security becomes too hard to manage and keep secure as new services, data centers, clouds, and regions are added.
  • SPIRE distributes secure identities to all the services within an organization, allowing them to establish secure connections with one another.
  • SPIRE has two components: the SPIRE server and the SPIRE agent.
  • The agent proves its identity to the server, which verifies it (node attestation). The agent then identifies each workload process on its node using operating system and platform primitives (workload attestation), and the server issues that workload an identity.
  • Once every workload has its own identity, workloads can establish mutually authenticated secure connections using a variety of protocols.
In almost every organization, there are services like databases and legacy workloads that are outside Kubernetes, but that still have to communicate with Kubernetes workloads. Doing this securely is a challenge, since the methods that are available within a cluster to provide secure connections aren’t available outside it. SPIRE can help organizations overcome this challenge by establishing secure service identities across their organization, regardless of the platform they are running in.
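The summary above ends with every workload holding an identity document. The following Go program, added here as an illustration and not code from the talk or from the SPIRE project, shows what that document looks like and what a legacy service outside Kubernetes has to check before admitting a Kubernetes workload. A locally generated CA (`newCA`) stands in for the SPIRE server's signing key, `newSVID` mints X.509 SVIDs whose only identity is a `spiffe://` URI SAN, and `verifyPeer` is the check a TLS listener runs on a presented chain: validate the chain against the trust bundle, then authorize by SPIFFE ID. The `example.org` trust domain, the SPIFFE IDs and all function names are made up for the example; with a real deployment the SVID and bundle would come from the agent's Workload API rather than from `newSVID`.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// issue signs tmpl with parent (self-signed when parent is nil) under a fresh P-256 key.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // setup failure, not part of the technique being shown
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// newCA stands in for a trust domain's signing key, which the SPIRE server holds.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	return issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}, nil, nil)
}

// newSVID mints a short-lived X.509 SVID: a leaf whose only identity is the SPIFFE ID in its URI SAN.
func newSVID(ca *x509.Certificate, caKey *ecdsa.PrivateKey, spiffeID string) tls.Certificate {
	u, _ := url.Parse(spiffeID)
	cert, key := issue(&x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour), // short-lived; a real agent rotates it
		URIs:         []*url.URL{u},            // no DNS names: the SPIFFE ID is the identity
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}, ca, caKey)
	return tls.Certificate{Certificate: [][]byte{cert.Raw}, PrivateKey: key}
}

// verifyPeer is a tls.Config.VerifyPeerCertificate hook: it validates the presented
// chain against the trust bundle (no hostname involved) and then authorizes the peer
// by SPIFFE ID. Use it with InsecureSkipVerify: true and, on a server, RequireAnyClientCert.
func verifyPeer(bundle *x509.CertPool, allowedPeer string) func([][]byte, [][]*x509.Certificate) error {
	return func(raw [][]byte, _ [][]*x509.Certificate) error {
		chain, err := x509.ParseCertificates(bytes.Join(raw, nil)) // leaf first, then intermediates
		if err != nil || len(chain) == 0 {
			return fmt.Errorf("peer sent no usable certificate: %v", err)
		}
		inter := x509.NewCertPool()
		for _, c := range chain[1:] { // SPIRE may chain through an intermediate CA
			inter.AddCert(c)
		}
		opts := x509.VerifyOptions{Roots: bundle, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
		if _, err := chain[0].Verify(opts); err != nil {
			return fmt.Errorf("peer is not in the trust domain: %w", err)
		}
		if ids := chain[0].URIs; len(ids) != 1 || ids[0].String() != allowedPeer {
			return fmt.Errorf("peer %v is not authorized here, want %s", ids, allowedPeer)
		}
		return nil
	}
}

// Scenario: a legacy database admits a Kubernetes workload by its SPIFFE ID, not by where it runs.
func Scenario() (authorized, wrongID, foreignCA error) {
	const apiID = "spiffe://example.org/ns/payments/sa/api"
	ca, caKey := newCA("example.org")
	bundle := x509.NewCertPool() // the trust bundle every workload receives from its agent
	bundle.AddCert(ca)
	api := newSVID(ca, caKey, apiID)
	other := newSVID(ca, caKey, "spiffe://example.org/ns/dev/sa/scratch")
	rogueCA, rogueKey := newCA("rogue")
	rogue := newSVID(rogueCA, rogueKey, apiID) // right name, signed outside the trust domain
	admit := verifyPeer(bundle, apiID)         // what the database's TLS listener would run
	authorized = admit(api.Certificate, nil)
	wrongID = admit(other.Certificate, nil)
	foreignCA = admit(rogue.Certificate, nil)
	return
}

func main() {
	a, w, f := Scenario()
	fmt.Printf("authorized: %v\nwrong SPIFFE ID: %v\nforeign CA: %v\n", a, w, f)
}
```

`verifyPeer` is written to drop into `tls.Config.VerifyPeerCertificate`. Because an SVID is identified by its URI SAN and not by a hostname, the config has to set `InsecureSkipVerify: true`, which switches off Go's built-in verification (including the hostname check that has no meaning for an SVID), so the hook must validate the chain itself, as `verifyPeer` does; on the listening side `ClientAuth: tls.RequireAnyClientCert` hands the client chain to the same hook, and Go still refuses a client that presents no certificate at all. The scenario exercises the two ways a connection is refused: a valid SVID with the wrong SPIFFE ID passes chain validation and fails authorization, while a certificate carrying the right SPIFFE ID but signed outside the trust domain fails chain validation before its name is even read.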

Abstract

Not everyone can go cloud native right away! In almost every organization, there are services like databases and legacy workloads that are outside Kubernetes, but that still have to communicate with Kubernetes workloads. Doing this securely is a challenge, since the methods that are available within a cluster to provide secure connections aren’t available outside it. The CNCF’s SPIRE project is the solution: it can help you establish secure service identities across your organization, regardless of the platform they are running in. We’ll demonstrate several design patterns with SPIRE and show how it can integrate with other CNCF security tools.
