Untangling the Multi-Cloud Identity and Access Problem With SPIFFE Tornjak - Brandon Lum & Mariusz Sabath, IBM

less than 1 minute read

Abstract

When an organization moves to a multi-cloud environment, one of the first questions a developer will ask is “How do I access my S3 bucket in AWS from my GCP cluster?” (or any other permutations thereof cloud services/providers). This is an unsurprising request. However, the solutions to these problems today are surprisingly inadequate, especially when security and compliance are considered. This problem stems from cloud providers/services each having their own notion of workload identity and schema, which makes federation difficult. This talk proposes a shift in the perspective of workload identity from being “platform specific” to “organization wide” using SPIFFE/SPIRE and the new SPIFFE Tornjak project to provide a consistent and secure organization-wide management plane for workload identity and access across multiple clouds. After all, user identities are managed on the organization level (e.g. LDAP, etc.), why should our handling of workload identities be any different?

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Untangling the Multi-Cloud Identity and Access Problem With SPIFFE Tornjak - Brandon Lum & Mariusz Sabath, IBM

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google