Everyone building or operating cloud native applications must understand the fundamentals of security and modern threat models. Although this topic is vast, in this talk Daniel and Nic will focus on securing end-to-end (user-to-service) communication, and also explore how the combination of an edge proxy and service mesh using TLS and mTLS can be used to mitigate many person-in-the-middle attacks.
Key takeaways include:
– Understand the different characteristics of north-south and east-west traffic, and how the control plane needs to be optimised for each use case
– Understand why service mesh is in a unique place to enforce security features like mTLS, service identity, and traffic policies
– Learn how to ensure that there are no exploitable “gaps” within the end-to-end communication path
– Brief demonstrations of key principles using the open source Ambassador API gateway and Consul service mesh.