Zero Trust and High Assurance for Cloud-Native Applications

Fourth Annual Multi-Cloud Conference and Workshop

May 25, 2023 - Conference Co-Hosted by NIST, DoC, and Tetrate

This year’s Multi-Cloud Conference will focus on delivering Zero Trust Architecture (ZTA) through application-tier and network-tier policies in a high-assurance service mesh operating environment. This makes the enforcement of consistent, enterprise-wide policy a reality irrespective of service or application location, whether on-premises or across multiple clouds.

We’ll look at security challenges that public agencies face and provide insight and know-how to address them to ensure that your agency’s security posture can protect against threats. We will also discuss critical tools for achieving high assurance security for cloud-native applications, including API gateways and infrastructure for assigning tamper-proof cryptographic identities to applications. We will further discuss techniques for instilling trust in the entire application life cycle, such as securing supply chain artifacts, policy and infrastructure as code, continuous authorization to operate, and observability strategies.

The conference program features both thought leadership and actionable insight from experts in service mesh, ZTA, identity-centric security, open-source software development, and emerging NIST Special Publications. Presentations will cover a wide range of topics, including:

• NIST recommendations for realizing zero trust principles in cloud-native applications and for securing artifacts in software supply chains
• Approaches for authentication and access control for users, services, and devices in cloud-native applications in multi-cloud environments 
• The role of open source in cloud-native application security and compliance
• Best practices and common pitfalls for implementing ZTA

Policymakers, entrepreneurs, students, and cybersecurity professionals are encouraged to attend!

May 24, 2023 - Workshop: Introduction to Service Mesh with Istio and Envoy

Free 2-hour Service Mesh Training 

Location: Ronald Reagan Building, 1300 Pennsylvania Ave, Suite 700, Washington, DC 20004 

Session 1: 1:00 - 2:45PM EDT (max 55 registrants)

Session 2: 3:00 - 4:45PM EDT (max 55 registrants)

A service mesh is a modern and powerful tool for implementing the tenets of zero trust. It provides dynamic, behavior-based security to protect microservices, APIs, and data, including end-to-end encryption, attribute-based access control (ABAC), API threat detection and protection, and full audit histories with dashboards for continuous proof of compliance.

In this workshop, you will learn the basics of service mesh and get hands-on training with Istio, Kubernetes, and other tools to build in-app and user-level security permissions, encryption in transit, and enhanced identity and access controls, as well as provide runtime observability – all of which are necessary for achieving zero trust security in practice.

Between exercises, we will present the theory behind how the service mesh works, and you will have virtual access to service mesh experts to answer your questions throughout the workshop. With this knowledge and your practical experience, you will be able to:

• Understand service mesh and the capabilities it offers to manage microservices
• Understand the high-level architecture and components of technology solutions (e.g., Istio)
• Install the Istio service mesh on top of a Kubernetes cluster
• Interact with the service mesh using the istioctl command line tool
• Use Istio dashboards to monitor and debug microservices

Presenters:

• Matt Turner, Software Engineer, Tetrate
• Zack Butcher, Founding Engineer, Tetrate