Zero trust networking with SPIFFE and SPIRE

Zero trust networking with SPIFFE and SPIRE (Daniel Feldman)

Once upon a time, your corporate network was an impregnable fortress. Intruders would test the firewall and be rebuffed, while everyone inside the firewall trusted each other completely. If an attacker made it through the firewall, then you fixed the firewall, but there was no need to change anything inside.

Today, that model is broken. The firewall has hundreds of holes, from external-facing applications, to cloud links, to spear-phishing attackers. We can’t rely on the firewall anymore to keep the bad guys out.

As part of the SPIFFE open-source project at Scytale.io, we’re working on securing communication inside your network. We assign each application a certificate, with its identity verified using the underlying infrastructure (Kubernetes, AWS, Unix accounts, and more on the way). Then we encrypt all the connections between applications using those certificates. This is called zero trust networking.

With SPIFFE, even if the attacker makes it inside your network, they can’t intercept traffic or connect to applications. For this meetup, I’ll demonstrate using SPIFFE and our reference implementation SPIRE to build a zero trust network.

Speaker Bio

Daniel Feldman helped make NetBackup, the world’s most popular enterprise backup product, into a zero trust system. Today he is working at Scytale.io trying to build the underlying technology to bring zero trust networks everywhere.

Hosted at SPS Commerce: https://jobs.spscommerce.com/
Food and drink sponsored by Rundeck: https://www.rundeck.com/

Schedule:
6pm: Doors open
6:30pm: Welcome and speaker
9pm: Close