What Can Go Wrong When You Trust Nobody? Threat Modeling Zero Trust

Explore the critical intersection of Zero Trust principles and cloud-native technologies in this 32-minute conference talk from the Cloud Native Computing Foundation (CNCF). Delve into the importance of threat modeling in multi-cloud and hybrid architectures, learning how to apply the 'never trust, always verify' philosophy effectively. Discover fundamental threat modeling concepts and their application to distributed cloud-native workloads. Examine a demonstration of a simple system built on Zero Trust principles, featuring Istio service mesh within a Kubernetes cluster. Learn about implementing cryptographically strong workload identities using SPIRE server and leveraging Istio External Authorization for delegating layer 7 authorization decisions to OPA sidecars. Gain insights into building a comprehensive threat model and introducing controls aligned with Zero Trust philosophy, including a demonstration of custom signing and verification of OPA bundles.

What Can Go Wrong When You Trust Nobody? Threat Modeling Zero Trust - J Callaghan & R Featherstone