Throw Away Your Passwords: Trusting Workload Identity - Ric Featherstone, ControlPlane

less than 1 minute read

Abstract

Trust is required to secure our systems: we need it to bootstrap infrastructure, to run workloads, and to reassure our customers of their privacy. But how do we establish and secure this “trust” in a dynamic cloud native system?Historically we relied upon identifiers such as IP addresses, passwords, and certificates, but can we do better than these antiquated authentication mechanisms? In this talk we:Demystify machine identity and its relationship to secrets management and access controlDiscuss the issues with historical approaches in a cloud native environmentSolve the “bottom turtle” trust bootstrap quandaryAppraise the open source implementations and technologies available to youDemonstrate practical examples of how to acquire a workload identity or secret zeroStrive for a world in which passwords and static keys are replaced by dynamic credentials and hardware roots of trustClick here to view captioning/translation in the MeetingPlay platform!

Sched URL

Video