DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes
Download as PDF, PPTX2 likes705 views
The document discusses a presentation about implementing zero trust networks on Docker Enterprise Kubernetes. It begins with motivations for zero trust like changes in app architectures, security threats, and deficiencies of traditional network zoning models. It then covers using Calico and Istio on Docker Enterprise to provide zero trust security with benefits like resilience against compromise and decoupling security from network location. The presentation includes a demo of a sample app and concludes with time for questions.
More Related Content
Similar to DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes(20)
DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes
- 1. Spike Curtis Senior SoftwareEngineer, Tigera Zero Trust Networks Come to Docker Enterprise Kubernetes Brent Salisbury Software Alliance Engineer, Docker
- 2. Agenda • Motivation forZero Trust Networks − Trends in application architecture − Trends in threat landscape − Deficiencies of the “Zone” model • Building Zero Trust with Docker Enterprise, Calico & Istio − Calico & Istio architecture − DEMO! • Conclusion, Q&A
- 3.
- 4. Intra-Security Zone TrafficHairpin
- 5.
- 6.
- 7.
- 8. Distributing Policy AcrossCompute
- 9.
- 10.
- 11. Zero Trust Networking Thenetwork is always assumed to be hostile
- 12.
- 13.
- 14.
- 15.
- 16.
- 17. ● Resilient againstcompromised devices, workload, and network links ● Security is decoupled from network location ○ Simplified management ○ Flexible deployment ● VPNs are no longer needed Zero Trust Networking Advantages
- 18. Zero Trust NetworkingSoftware Control Plane Data PlanePlatform
- 19. Calico & IstioArchitecture NodeNode Pod Workload Istio Citadel Envoy Felix Pod Workload Envoy Felix Mutual Authentication & Encryption Calico Policy Dikastes Dikastes IPTables IPTables
- 20.
- 21.