SPIFFE and SPIRE with Derek Edwards and Ryan Turner
The shift to microservices architectures and distributed systems has been a challenge for systems using conventional security practices, such filtering IP addresses using network policies. In addition, the increasing intersection of development and operations exemplified by the DevOps methodology has expanded the scope responsibilities in implementing secure systems.
Part of CNCF, SPIFFE is a set of open-source specifications for issuing identity to services in heterogenous, distributed environments such as a cloud-native microservices architecture. Systems implementing SPIFFE bypass the need for application-level authentication and network-level ACL configuration. SPIRE, or the SPIFFE Runtime Environment, is a system that implements the SPIFFE standards to manage platform and workload attestation, providing an API for controlling policies, and coordinating certificate issuance and rotation.
Derek Edwards is the head of engineering at Anthem.ai, and Ryan Turner is a software engineer at Uber. They join the show today to talk about the challenges of managing security in a distributed system, how adopting SPIFFE represented a paradigm shift in their authentication workflow, and how the SPIFFE and SPIRE projects are evolving to meet the needs of the next generation of cloud-native applications. HPE sponsored this podcast.
Sponsorship inquiries: firstname.lastname@example.org
Transcript provided by We Edit Podcasts. Software Engineering Daily listeners can go to weeditpodcasts.com/sed to get 20% off the first two months of audio editing and transcription services. Thanks to We Edit Podcasts for partnering with SE Daily. Please click here to view this show’s transcript.
X-Team is a company that can help you scale your team with new engineers. X-Team has thousands of proven developers in over 50 countries ready to join your team who will provide an immediate positive impact and let you get back to focusing on what’s most important, moving your company forward. X-Team helps you scale and retain those teams for the long haul and provide solutions that give your company long-lasting, forward-moving momentum. If your development team could use some firepower via some of the top engineering talent in the world, visit x-team.com/sedaily
Courier is the fastest way to build notifications for your application. With Courier’s easy-to-use API and software, developers and product teams can reach users across every channel – email, SMS, push, and chat apps like Slack and WhatsApp. From designing templates to setting delivery rules and managing user preferences, you’ll get a complete notifications system that’s ready to be deployed in hours. Create your free account at: courier.com/sedaily.
Panther is a cloud-native security analytics platform built by a veteran team of security practitioners from high-tech companies like Airbnb and Amazon to help address modern security challenges. Craft expressive Python detections to identify specific activity in your environment and generate high-signal alerts in real time. Process and normalize data from across your environment to build a scalable security data lake in AWS or Snowflake that grows with your business. Check out Panther today.
Go to replicated.com/sedaily to learn how Replicated can help you modernize your on-prem software delivery strategy. Replicated gives software vendors a container-based platform for easily deploying cloud native applications inside customers’ environments to provide greater security and control. There is a secure way that your customers can use your application without ever having to send data outside of their control. Go to replicated.com/sedaily to get a free 21 day trial of the Replicated platform.