Don't Trust anyone.... Secure your Microservices with ZeroTrust approach.

Track: Security
Abstract
Edge trusting is dead, long live Zero Trust. We were used to deal with `edge security` , direct integration with IDPs using different libraries, also dealing with certificates, SSL, securing the point of entrance to our system, and after that.... well, if you are in the system is because you are allowed to ...... or not ? Nowadays CVEs, massive attacks, are common .... for sure you remember some recent cases ....don't you ? So, the idea of protecting only the most external layer of our system , based on the idea that nobody can be in the system if that gate has not been successfully passed, is no longer valid. In this session I will share my knowledge on protecting K8s and VMs clusters following the ZeroTrust approach, covering concepts like : Zero Trust security, SSL transport, Observability, Authz and Authn , and everything without touching a single line of our Java ( Quarkus ) microservices and how to change that configuration without telling a word to the app developer.
Jonathan Vila
Java Champion, Organiser at BarcelonaJUG and cofounder of the JBCNConf conference in Barcelona. Working at Tetrate as Software Engineer, on Service Mesh and Istio on top of Kubernetes, but I have worked as a (paid) developer since the first release of The Secret of Monkey Island, about 30 years ago. Former SSE at Red Hat in Keycloak team, SSE at Ocado Technology, SSE at Netcentric. Very interested in simulated reality, psychology and Java along with management technologies.