Conference:  KubeCon + CloudNativeCon Europe 2023

Authors: Frederick Kautz

2023-04-21

The presentation discusses the importance of establishing trust in computer systems and processes, and challenges the concept of 'zero trust' by suggesting that it should be renamed to 'zero implicit trust' to make it explicit.

• Understanding the context of a system is important in determining how much to spend on defending it and what the value of the thing being defended is
• Establishing trust in the foundation of a system is crucial before building on top of it
• Developing a framework for trust involves asking questions about what is being trusted and why, and what the consequences are if that trust is violated
• The blast radius of an incident should be kept small to minimize the impact of a breach or failure
• The concept of 'zero trust' should be renamed to 'zero implicit trust' to make it explicit that something is being trusted and to encourage proper analysis and risk assessment

Conference:  KubeCon + CloudNativeCon Europe 2023

Authors: James Callaghan

2023-04-21

The presentation discusses the use of threat modeling in a fictitious example of a workload architecture, and the importance of prototyping early to understand how technologies integrate with each other and what can go wrong.

• The example architecture includes an external facing service using TLS, mutual TLS for service communication, and web identity federation for accessing AWS services
• Two approaches are presented: a simple web service and a service mesh approach using Istio and OPA
• Data flow diagrams are essential for threat modeling and can be used to apply STRIDE to individual communications
• Prototyping early helps to understand technology integration and potential issues
• The presentation includes a relevant anecdote about a last-minute issue with AWS policies on S3 buckets

Conference:  KubeCon + CloudNativeCon Europe 2023

Authors: Thijs Ebbers, Diana Iordan

2023-04-19

In this talk we'll start out with a bit of Dutch folkore (Hey, we're in Amsterdam :-)), we'll explain what is wrong with typical "Least Privilege" & "Zero Trust" implementations and ask the confronting question: "Are we playing for a Draw or are we playing to Win against our IT security adversaries...? Next we'll use some "classical" laws of war/diplomacy, biology/business and engineering to develop a modern IT architecture suitable for todays challenges. This architecture is based on desired state infrastructure, built using CI/CD and Infra/Policy-as-code. It stores its data in Data Services. It uses Events, Observability and IAM to operate securely. (In summary: we cover quite a lot of the CNCF landscape...) We'll explain this architecture and show different views of this architecture for: - Architects/Developers/Engineers - C-level Managers - CISO/Auditors And answer some questions like: - Can it be build ? (spoiler : Yes, ING is running it today, details in previous talks we gave at OpenShift Commons Detroit & San Diego) - My workloads won't fit - We're not a bank, we cannot afford this - Doesn't this collide with current views/implementations of established entities in the security(/compliancy) industry ? To conclude answer any other question the audience asks