YoVDO

Establishing a Production Zero Trust Architecture

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

DevSecOps Courses, Security Policies Courses, SPIFFE Courses, SPIRE Courses

Course Description

Overview

Explore the implementation of a Zero Trust Architecture in this comprehensive conference talk by Frederick Kautz from SPIFFE/SPIRE. Develop a working definition of Zero Trust for organizational security policies, and learn to leverage CNCF and open-source technologies to achieve this architecture. Focus on cryptographic identities for workloads, define security policy controls, and address DevOps/DevSecOps requirements, including automation and observability for effective threat response. Discover strategies for onboarding legacy systems into a Zero Trust environment and gain insights on fostering organizational culture change to adopt these technologies while balancing security expert and application architect concerns. Explore topics such as the Triangle of Trust, perimeter defense versus Zero Trust, user identity, workload attestation, policy establishment, and inter-organizational trust. Delve into advanced use cases like multi-party edge compute, infrastructure identities, and multi-factor authorization using SPIFFE and JWT. Gain valuable knowledge on information security fundamentals, observability, education, and automation to successfully implement a production-ready Zero Trust Architecture.

Syllabus

Intro
Reality/Assumption Gap
Drivers
Change comes with Risk
Triangle of Trust
Perimeter Defense - Zero Trust
Zero Trust Environment
User Identity
Attest Workloads
Establish Policy
Establish Trust between Organizations
Application needs a connection to the Secure Corporate Intranet!
Advanced Use Case: Multi-Party Edge Compute
Identities for Infrastructure too
No Workload Authentication
Multi-factor Authorization (SPIFFE+JWT)
Workload 2FA: Identity Provider + Application Identity
Let's back up and talk strategy
Information Security 101
One possible early strategy
Observability
Education
An Aside: Legacy Systems
Automate
Educate


Taught by

CNCF [Cloud Native Computing Foundation]
