Everyone building or operating cloud native applications must understand the fundamentals of security issues and modern threat models. Although this topic is vast, in this talk Nic and Daniel will focus on the end-to-end communication and higher-level networking threats, and explore how the combination of an edge proxy and service mesh using TLS and mTLS can be used to mitigate many man-in-the-middle attacks.
Key takeaways include:
- An understanding of the "three pillars" of service mesh functionality: observability, reliability, and security. A service mesh is in a unique place to enforce security features like mTLS
- Learn how to ensure that there are no exploitable "gaps" within the end-to-end/user-to-service communication path.
- Explore the differences in ingress/mesh control planes, with brief demonstrations using Ambassador and Consul Connect