Demystifying Zero-Trust for Cloud Native Technologies

Authors:   Aradhna Chetal, Kishore Nadendla, Mariusz Sabath, Asad Faizi, Philip Griffiths


The main idea of the conference presentation is to discuss the importance of implementing zero trust security controls in cloud native environments.
  • Implementing zero trust security controls is essential in cloud native environments.
  • Strong identity and authentication infrastructure is important.
  • Defining the desired state upfront is crucial.
  • Continuous monitoring is necessary to enforce zero trust access-based control.
  • Access logs and auditing are used to track and monitor access to data and resources.
The speaker emphasized the importance of implementing strong identity and authentication infrastructure in cloud native environments. They shared a story about a company that suffered a data breach due to weak authentication controls. The breach resulted in the loss of sensitive customer data and damaged the company's reputation.


A Cloud-native platform empowered by a connected world that is also susceptible to malicious activity due to its connectedness of software, assorted users, devices, distributed applications and services, and supply chain in the software components. The continuously evolving complexity of current and emerging cloud, multi-cloud, and hybrid cloud, cloud-native network environments combined with the rapidly escalating and becoming nature of adversary threats has exposed the lack of effectiveness of traditional network cybersecurity defenses. Adopting the Zero-Trust Methodology for cloud-native applications must be incorporated and aligned as part of the Cloud Native Maturity model. This panel discussion will focus on “Zero-Trust Principles, Concepts and implementation approach for cloud-native applications” for the organization's assets 1) User, 2) Devices, 3) Networking, 4) applications, 5) Data for the following Zero Trust building blocks and to provide implementation guidelines. 1. Identity - Device and Human 2. Policy - Administration and Enforcement 3. Continuous Assessments - Evaluations and Monitoring 4. Always secure