Zero-Trust & Kubernetes: Redefine Your Web App & API Security Model

In the zero trust context, web apps are always exposed, so automated detection and prevention of malicious behavior at layer 7 must be part of a defense-in-depth security strategy.
When it comes to protecting the applications that empower organizations’ workforces and customer bases, how can a flexible web app and API security model help security stakeholders enforce zero trust security while still providing an excellent customer experience that drives the business?

At the same time, Kubernetes dominates the container orchestration market. According to the Cloud Native Computing Foundation, 78% percent of organizations are managing some portion of their container workloads using Kubernetes. As more organizations transition from monolith legacy applications to modern, distributed apps, DevOps teams often lean on the speed and scale that Kubernetes enables.

However, scale at velocity introduces security risks: development and operations teams may not adequately secure the Kubernetes control plane, not properly enforce role-based access control (RBAC), or may expose internal services unknowingly—just to name a few. Any development and operations team must secure their containerized apps or risk attackers exploiting those vulnerabilities.

Jimmy Mesta will review the state of Kubernetes security, pitfalls to avoid and best practices for zero trust, including how to use next-gen web application security tooling to automate securing containerized apps and APIs.

He’ll also explore the future of service mesh as a means to utilize encrypted persistent connections to secure containerized workloads and how to get visibility into the east-west traffic between services as the perimeter is a moving target.


   Jimmy Mesta

   Senior Manager, Security