Demystifying Zero-Trust for Cloud Native Technologies - Kishore Nadendla, TIAA; Mariusz SABATH, IBM Research; Asad Faizi, Eskala.io; Aradhna Chetal, CNCF Security TAG; Philip Griffiths, NetFoundry
Abstract
A Cloud-native platform empowered by a connected world that is also susceptible to malicious activity due to its connectedness of software, assorted users, devices, distributed applications and services, and supply chain in the software components. The continuously evolving complexity of current and emerging cloud, multi-cloud, and hybrid cloud, cloud-native network environments combined with the rapidly escalating and becoming nature of adversary threats has exposed the lack of effectiveness of traditional network cybersecurity defenses. Adopting the Zero-Trust Methodology for cloud-native applications must be incorporated and aligned as part of the Cloud Native Maturity model. This panel discussion will focus on “Zero-Trust Principles, Concepts and implementation approach for cloud-native applications” for the organization’s assets 1) User, 2) Devices, 3) Networking, 4) applications, 5) Data for the following Zero Trust building blocks and to provide implementation guidelines. 1. Identity - Device and Human 2. Policy - Administration and Enforcement 3. Continuous Assessments - Evaluations and Monitoring 4. Always secure