NIST & Tetrate Conference Takeaways: “Identity Management and Access Control in Multi-Cloud”
The Identity Management & Access Control for Multi-Cloud Conference, co-hosted this January by Tetrate and NIST, drew 300 attendees to Maryland and some 600 more participants online. A major takeaway: a Zero Trust Architecture needs service mesh technologies (Istio and Envoy) and Next Generation Access Control (NGAC).
The new world of microservices and multi-cloud brings greater flexibility, scalability and agility in delivery, and reduces the surface area exposed to attacks on individual services. But new, polyglot challenges and complexities arise in a decomposed architecture. A service mesh moves authentication and authorization out of each application and into a common infrastructure layer equipped with features such as access control, mTLS, auditing tools and service-to-service encryption.
The conference kicked off with a day-zero workshop that had quickly sold out, followed by lightning talks from Tetrate engineers. These generated a lasting buzz around Istio, Envoy, and other open source tools that secure, connect, manage and enable observability of services in a mesh, with many attendees asking how they could contribute their time and expertise to open source projects.
A significant portion of the conference was dedicated to development and education around best practices. Live demos from NIST and Tetrate generated significant buzz. David Ferraiolo described Next Generation Access Control (NGAC), a novel graph-based access control system developed by Ferraiolo and NIST and adapted to Istio by Tetrate. Highlight presentations came from Ramaswamy Chandramouli (NIST) and Zack Butcher (Tetrate) on their recently drafted special publication, Building Secure Microservices-based Applications Using Service-Mesh Architecture, which is open for comments until 2/14/2020.
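To make the "graph-based" part of NGAC concrete, here is a small, added example that is not code from the conference, from NIST or from Tetrate. It models the core NGAC decision rule: users and objects are assigned into attribute nodes of a directed graph, attributes roll up into policy classes, and an association (user attribute, operations, object attribute) grants those operations from everything under the user attribute to everything under the object attribute. An access request is granted only if every policy class the object belongs to is satisfied by some association, which is how NGAC combines independent policies (here a constructed role policy and a constructed compliance-scope policy). Prohibitions and obligations, which full NGAC also has, are left out for brevity; all service and attribute names are constructed.

```python
from collections import deque

# Constructed NGAC-style policy graph for a service mesh (not real NIST/Tetrate data).
# ASSIGNMENTS is child -> parents: users/objects sit under attributes, attributes
# sit under policy classes. Edges express containment.
ASSIGNMENTS = {
    # services acting as users
    "checkout-svc": ["payments-team", "pci-certified"],
    "reporting-svc": ["payments-team"],
    "frontend-svc": ["web-team"],
    # user attributes under their policy classes
    "payments-team": ["RBAC"],
    "web-team": ["RBAC"],
    "pci-certified": ["PCI"],
    # objects (target APIs) under object attributes
    "ledger-api": ["payments-resources", "pci-scope"],
    "catalog-api": ["public-resources"],
    # object attributes under their policy classes
    "payments-resources": ["RBAC"],
    "public-resources": ["RBAC"],
    "pci-scope": ["PCI"],
}

POLICY_CLASSES = {"RBAC", "PCI"}

# Associations: (user attribute, allowed operations, object attribute)
ASSOCIATIONS = [
    ("payments-team", {"GET", "POST"}, "payments-resources"),
    ("payments-team", {"GET"}, "public-resources"),
    ("web-team", {"GET"}, "public-resources"),
    ("pci-certified", {"GET", "POST"}, "pci-scope"),
]


def containers(node):
    """Every node that contains `node` in the graph, including `node` itself."""
    seen = {node}
    queue = deque([node])
    while queue:
        current = queue.popleft()
        for parent in ASSIGNMENTS.get(current, []):
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen


def is_authorized(user, op, obj):
    """NGAC decision: grant iff every policy class containing `obj` is satisfied
    by at least one association whose user side contains `user` and whose
    object side contains `obj` within that policy class."""
    user_side = containers(user)
    obj_side = containers(obj)
    policy_classes = obj_side & POLICY_CLASSES
    if not policy_classes:
        return False  # an object outside every policy class is unreachable
    for pc in policy_classes:
        satisfied = any(
            ua in user_side and op in ops and oa in obj_side and pc in containers(oa)
            for ua, ops, oa in ASSOCIATIONS
        )
        if not satisfied:
            return False
    return True


def allowed_operations(user, obj):
    """All operations `user` may perform on `obj` under the current graph."""
    candidate_ops = set().union(*(ops for _, ops, _ in ASSOCIATIONS))
    return {op for op in candidate_ops if is_authorized(user, op, obj)}


if __name__ == "__main__":
    for user, op, obj in [
        ("checkout-svc", "POST", "ledger-api"),   # in both RBAC and PCI scope
        ("reporting-svc", "GET", "ledger-api"),   # RBAC ok, PCI not satisfied
        ("frontend-svc", "GET", "catalog-api"),   # plain RBAC grant
        ("frontend-svc", "POST", "catalog-api"),  # operation not in association
    ]:
        print(f"{user} {op} {obj}: {'ALLOW' if is_authorized(user, op, obj) else 'DENY'}")
```

The interesting case is reporting-svc, which shares the payments-team role with checkout-svc but is denied on ledger-api because the object also falls under the PCI policy class and no association reachable from reporting-svc covers that class. That per-policy-class conjunction is what lets a mesh operator layer an organisational compliance policy over a team's RBAC policy without editing either one.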
Conference speakers addressed the challenges organizations face today in multi-cloud. Waverley Labs’ CEO Juanita Koilpillai stressed that education across stakeholders is the greatest challenge ahead, and Aradhna Chatel (HSBC) emphasized the need for service mesh done right.
There was no clearer example of the need for this, or of how it can be achieved, than a panel of early adopters, Anil Vatti (Visa), Lixun Qi (Freddie Mac) and Aradhna Chatel, and a talk by Nicolas Chaillan, Chief Software Officer of the United States Air Force and the Department of Defense. He spoke passionately about the move they had made to Kubernetes and Istio: “We also wanted something that was open source and highly flexible and, you know, modular. So we picked Istio… When we look at the size of what we do, with people, and if we start to have to coordinate teams just to have a data TLS library, that could be a disaster. So having the ability to have the platform team update the mesh and not impact the application team, that’s huge.”
Our team presented throughout the day at NIST: founder and CEO Varun Talwar gave the keynote, Jeyappragash Jeyakeerthi moderated a panel on ZTA and DevSecOps, Ignasi Barrera presented access control demos with NIST’s Joshua Roberts, Liam White spoke on Istio and Envoy, and Zachary Butcher spoke on securing applications with service mesh.
The world and its security requirements continue to change rapidly, and with a service mesh and open source we stand the greatest chance of remaining secure.
To watch the videos, visit the NIST website, and be part of the conversation.