Lessons From Migrating to SPIFFE After 10 Years of Service Identity at Square
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore a conference talk detailing Square's migration to SPIFFE for service identity after a decade of using their own system. Learn about the migration process and ten key lessons, including managing expectations, leveraging community support, taking principled risks, ensuring backward compatibility, and balancing return on investment. Gain insights into the challenges of infrastructure ossification, changing mental models, and the impact of lower TTLs on on-call pressure. Discover why security alone isn't a compelling selling point and the importance of making migrations self-serve. Understand the value of teamwork in overcoming obstacles and implementing a seamless service identity system across multiple environments.
Syllabus
Intro
Origins of Service Identity at Square
The Migration Process
What We Learned
Manage Your Expectations
The Community is your superpower
Take Principled Risks
Backward Compatibility is a Must
Manage Your ROI
Security isn't a good selling point
Make Migration self-serve or DIY
Infrastructure Ossifies; Abstractions Leak
Mental Models are hard to overcome
Lower TTL means higher on-call pressure
Teamwork Makes the Dreamwork!
Questions?
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Introducción a SPIFFE y SPIRE - Autenticando servicios nativos de la nube
Ekoparty Security Conference via YouTube
Road to SLSA3 - Non-falsifiable Provenance in Tekton with SPIFFE/SPIRE
Linux Foundation via YouTube
Zero-Trust Supply Chain Security with Sigstore, TektonCD and SPIFFE
Linux Foundation via YouTube
How SPIFFE Helps Istio in Service Mesh Federation
Linux Foundation via YouTube
Trust No System: The Unsettling Reality of Zero Trust
CNCF [Cloud Native Computing Foundation] via YouTube