Trust is required to secure our systems: we need it to bootstrap infrastructure, to run workloads, and to reassure our customers of their privacy. But how do we establish and secure this "trust" in a dynamic cloud native system?
Historically we relied upon identifiers such as IP addresses, passwords, and certificates, but can we do better than these antiquated authentication mechanisms? In this talk we:
- Demystify machine identity and its relationship to secrets management and access control
- Discuss the issues with historical approaches in a cloud native environment
- Solve the "bottom turtle" trust bootstrap quandary
- Appraise the open source implementations and technologies available to you
- Demonstrate practical examples of how to acquire a workload identity or secret zero
- Strive for a world in which passwords and static keys are replaced by dynamic credentials and hardware roots of trust
Click here to view captioning/translation in the MeetingPlay platform!