SPIFFE: Zero Trust Workload Identification with Evan Gilman

SE Daily
By
Podcast Wednesday, November 14 2018

Podcast: Play in new window | Download

Subscribe: RSS

Modern software consists of sprawling international networks of servers.

Users contact these servers to access applications. Microservices talk to each other to fulfill complicated requests. Databases and machine learning frameworks crunch terabytes of information to provide complicated answers. Across this infrastructure, there is a lot of different activities–and a lot of vulnerabilities. Without a reliable model for security and trust, software can be easily compromised.

In the past, systems were often protected by a “firewall”, which is a security system around the perimeter of the network. A problem with this model is that if the attacker is able to penetrate the firewall, they can compromise anywhere in the network. Firewalls can be penetrated, so a much better security model is to assume that your network has already been compromised, and to require every internal system to identify and authenticate with each other.

“Zero-trust security” is a security model that requires internal systems to communicate with each other as if they were potentially compromised. Evan Gilman is the author of Zero Trust Networks: Building Secure Systems in Untrusted Networks. He also works on SPIFFE, a system for managing identity and trust within a zero-trust network.

In a previous episode about Google BeyondCorp, Max Saltonstall talked about zero-trust networking in the context of user and device authentication. In today’s episode, Evan discusses another side of zero-trust networking: workload identity and authentication. Just as Google BeyondCorp outlines an architecture for allowing devices to communicate with the network, the SPIFFE project outlines a system for workloads to identify and authenticate themselves. Workloads can range from MapReduce jobs to microservices to frontend application servers.

SE Daily

POPULAR

Software Daily

Software Daily

 
Subscribe to Software Daily, a curated newsletter featuring the best and newest from the software engineering community.


Exclusive Articles

Weaving Generative AI into DevSecOps

Developing Dave the Diver with Jaeho Hwang and Minsuk Cha

Spring AI and Java in 2024

Cloud Engineering

Building Chess.com with Jay Severson

Mastodon with Eugen Rochko

AWS re:Invent Special: PartyRock Generative AI Apps with Mike Miller

Business and Philosophy

Startup Investing with George Mathew

KubeCon Special: Docker with Justin Cormack

Software Architecture with Josh Prismon

Greatest Hits

Hardening C++ with Bjarne Stroustrup

Surviving ChatGPT with Christian Hubicki

Special Episode with George Hotz

Popular

  1. Why We Switched from Python to Go
  2. Startup Investing with George Mathew
  3. Netflix Engineering with Jay Phelps
  4. Authlete and Making OAuth Accessible with Justin Richer
  5. Slack Data Platform with Josh Wills

Hackers

Making React 70% faster with Aiden Bai of Million.js

Cross-functional Incident Management with Ashley Sawatsky and Niall Murphy

SDKs for your API with Sagar Batchu

Data

Spring AI and Java in 2024

Iceberg at Netflix and Beyond with Ryan Blue

Building a Data Lake with Adam Ferrari