logo
allArticlesConferencesPresentations

Identity Based Segmentation for a ZTA

Conference:  Cloud Native SecurityCon North America 2023

Authors:   Ramaswamy Chandramouli, Zack Butcher

Abstract

Zero Trust is all about replacing implicit trust based on the network -- traditional perimeter security and an "access is authorization" model -- with explicit trust based on identity and runtime authorization. This means applications must authenticate and authorize service communicate in addition to end users. This gives rise to patterns like identity aware proxies and the service mesh for enforcing access. We'll discuss a quick-and-easy definition for a what a "zero trust architecture" is and discuss how a common use case -- application communication from cloud to prem through a DMZ -- can be simplified with identity aware proxies (and policy!), leading to organizational agility.
Materials:
Tags:

Post a comment

Related work

Zero Trust Workload Identity in Kubernetes

Conference:  Cloud Native SecurityCon North America 2023
Authors: Michael Peters

ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?

Conference:  BlackHat USA 2018
Authors:
2018-08-08

Fine-Grained User Authorization for Kubernetes with OPA and LDAP

Conference:  KubeCon + CloudNativeCon North America 2021
Authors: Cagri Cetin, Quentin Long
2021-10-14

I Can RBAC, and So Can You!

Conference:  KubeCon + CloudNativeCon Europe 2021
Authors: Marc Boorshtein

New Phishing Attacks Exploiting OAuth Authentication Flows

Conference:  Defcon 29
Authors:
2021-08-01

Re-route Your Intent for Privilege Escalation: A Universal Way to Exploit Android PendingIntents in High-profile and System Apps

Conference:  BlackHat USA 2021
Authors:
2021-11-10