
(ISC)2 Security Congress 2022

2101718 - Zero Trust Networking: Betting on mTLS to Secure Cloud Native Services

Oct 11, 2022 1:35pm ‐ Oct 11, 2022 2:35pm


Engineering secure communications in order to control data integrity and confidentiality between cloud-native applications is not trivial. It requires knowledge of how mutual TLS (mTLS) works and how to implement it correctly to comply with government requirements and the security industry’s drive towards zero trust. Getting it right makes all the difference in whether or not cloud applications and/or microservices are protected from man-in-the-middle attacks, service identity spoofing attacks and malicious API requests. Presented is a case study on implementing mTLS and the lessons learned in AuthZ, AuthN and encryption. Finally, we explain the benefits of applying zero trust principles at the network layer when standardizing on mTLS for application services using Istio for a service mesh.

Learning Objectives:
  • Understand the benefits of using mTLS for AuthZ and AuthN between cloud-native microservices.
  • Understand and apply an mTLS design pattern for an Istio service mesh.
  • Have the ability to explain the attack surface for a cloud-native application.

