EP166 Workload Identity, Zero Trust and SPIFFE (Also Turtles!)
Description
Guests:
-
Evan Gilman, co-founder CEO of Spirl
-
Eli Nesterov, co-founder CTO of Spril
Topics:
-
Today we have IAM, zero trust and security made easy. With that intro, could you give us the 30 second version of what a workload identity is and why people need them?
-
What’s so spiffy about SPIFFE anyway?
-
What’s different between this and micro segmentation of your network–why is one better or worse?
-
You call your book “solving the bottom turtle” could you tell us what that means?
-
What are the challenges you’re seeing large organizations run into when adopting this approach at scale?
-
Of all the things a CISO could prioritize, why should this one get added to the list? What makes this, which is so core to our internal security model–ripe for the outside world?
-
How people do it now, what gets thrown away when you deploy SPIFFE? Are there alternative?
-
SPIFFE is interesting, yet can a startup really “solve for the bottom turtle”?
Resources:
-
“Solving the Bottom Turtle” book [PDF, free]
-
“Surely You're Joking, Mr. Feynman!” book [also, one of Anton’s faves for years!]
- Workload Identity Federation in GCP