Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

DevSecOps and ZTA for Cloud-Native Applications - Third Annual Multi-Cloud Conference and Workshop (virtual)

This year’s Multi-Cloud Conference co-hosted by NIST and Tetrate will focus on DevSecOps and ZTA as foundational approaches to development, deployment, and operational phases for achieving high-assurance cloud-native applications. 

The latest generation of cloud-native applications often consists of a collection of microservices that could be distributed and deployed across a heterogeneous infrastructure (on-premises, public cloud, containerized, running on virtual machines, etc). With the proliferation of DevSecOps, a service mesh has proven to provide the desired bridge between infrastructure and microservices to transparently add security, connectivity, observability, and reliability without any additional code. Service mesh plays a critical role in the incorporation of zero trust design principles and in the adoption of the DevSecOps paradigm that are essential to high operational assurances for this class of applications.

This conference will take place on Jan 27, 2022, and will feature presentations by domain experts, practitioners, and thought leaders in DevSecOps and Zero Trust Architecture (ZTA) deployments, as well as demonstrations of proof-of-concept use cases in multi-cloud environments. Presentations will address the following:

  • ZTA guiding principles and approaches for workflow, system design, and operations through DevSecOps pipelines, authentication and authorization frameworks, and continuous monitoring
  • NIST’s latest guidance on DevSecOps and security engineering practices
  • The role of automation in operational security
  • The benefits of prescribed approaches, such as prevention of configuration drift and continuous authority to operate 

The conference is preceded by a workshop on Jan 26, 2022, that will focus on Envoy and Istio. More details are provided below.

Entrepreneurs, students, and cybersecurity professionals are encouraged to attend!


WORKSHOP: Interactive Training with Envoy and Istio, January 26, 2022, 12:00 - 2:30 p.m. EST

Join a day early for a deep-dive, 2.5-hour training.

In this session, we’ll showcase a real-life deployment implementing Zero Trust Architecture, by deploying and describing the Platform One stack. This training will demonstrate how and why to use these tools to solve the challenges of security, observability, networking, and multi-cloud. We’ll walk through a real Platform One deployment showcasing the use of Istio, Kubernetes, and other tools to build in-app and user-level security permissions, encryption in transit, enhanced identity and access controls, and provide runtime observability required to achieve a zero-trust platform in practice. Throughout, you’ll have experts in the room to answer questions.

Familiarity with Kubernetes, Istio or service mesh, and Platform One will be helpful for attendees.

Topics include:

  • Traffic management and resilient communication between services
  • Policy enforcement and rate-limiting
  • Telemetry, monitoring, and reporting
  • Securing communication between microservices
  • Canary deployment
  • Secure compute and runtime controls with a service mesh
  • Cluster management
  • Deploying a service mesh across heterogeneous, multi-cloud enterprise environments

TECHNICAL CONTACT:

David Ferraiolo

SSA Group Manager

david.ferraiolo@nist.gov

Event Details

Starts: January 26, 2022 - 12:00 PM EST
Ends: January 27, 2022 - 05:30 PM EST

Format: In-person Type: Conference

Agenda Website

Parent Project

See: Cloud Computing

Related Topics

Security and Privacy: access control

Technologies: cloud & virtualization

Created December 08, 2021, Updated December 09, 2021