Securing the Mesh

Capital Factory - 701 Brazos St Austin - View Map Cloud Native Austin
Thu, Jul 16, 2020, 6:00 PM (CDT)

About this event


6:00pm: Socializing, Food and Drinks
6:15pm: Announcements
6:30pm: Talk: Securing the Mesh
**Free CNCF / Docker swag and a free O'Reilly book or two**
8:00pm: Conclude


When implementing a network security solution in a cloud native environment, the ephemeral nature of workload instances creates a challenge in identifying the parties to each network connection. Introducing a service mesh into that environment creates additional challenges - each connection now has one or more extra hops to and from the proxies and communication between workloads is usually encrypted. On the other hand, the proxy itself is an excellent point to implement network security, since it has the context for each connection as well as visibility to the plaintext content of the communication.

Lee Calcote from Layer5 and Haim Helman from Octarine will discuss a typical journey to cloud native and subsequently to a service mesh and the security concerns raised in that process.

Haim and Lee will present the security features that are inherent to the mesh itself - encryption, mutual authentication and identity-based layer-7 access control. They will further elaborate on advanced security features that can be achieved by extending the mesh’s data plane (e.g. new Envoy filters) and control plane (e.g. new Istio Mixer adapters). These include signature-based and anomaly-based threat detection, automation of access control policy creation and enhanced visibility and reporting of access control policy violations.
Haim will demonstrate how Octarine utilizes Envoy and Istio to secure cloud native workloads.


Haim Helman, CTO, Octarine

Lee Calcote, Founder, Layer5,

How to find us: (venue courtesy of our sponsor):
Capital Factory, Austin City Limits Room, 16th floor


Thursday, Jul 16
6:00 PM - 8:00 PM (CDT)


Capital Factory
701 Brazos St Austin