Secure Workloads Know Who They A.R.E: Attestation, Restriction & Enforcement in Kubernetes & Beyond

Most modern software systems are highly convoluted, and that complexity is unlikely to go away anytime soon. They typically combine microservices, monoliths, and serverless apps spread across cloud and on-prem environments. Each connection may look straightforward at the micro level, but at the macro level the result is a web of components with different origins, standards, and lifecycles. It's not a multiverse, but it is still hard to secure. How can your workloads know which peer applications to trust? How do you define standard criteria for attesting a workload's identity? How do you build on that trust with a least-privilege model that extends as the system grows? How do you write and enforce policies for those attestation and restriction criteria? In this talk, Lukonde addresses these questions with a demo using SPIRE, Kubernetes Network Policies, Istio, and OPA Gatekeeper.