Tetrate and NIST are hosting their third annual ZTA conference, ZTA and DevSecOps for Cloud Native Applications (virtual), on Wednesday, Jan. 26th (training) and Thursday, Jan. 27th (sessions). The conference provides the most valuable opportunity this year for organizations to gather a practical understanding of how to secure critical infrastructure. You will learn how to put together a ZTA stack for end-user traffic from the ground up.
With the severity of data breaches escalating, including damage to critical US infrastructure, executive orders have been issued, calling for federal agencies to adopt Zero Trust Architecture (ZTA). The DevSecOps approach is seen as essential to achieving high operational assurance for microservices-based applications. But many organizations face challenges in implementation. NIST and Tetrate are presenting the third annual edition of this conference to dive deeply into this new architectural model, which yields enhanced security and other benefits. Their work to date has already yielded ZTA standards for cloud-native applications.
The event includes a two-and-a-half-hour training on Jan. 26th demonstrating a ZTA implementation on Platform One, a live deployment currently in use by the DevSecOps team of the Department of Defense. And the conference on Jan. 27th includes a keynote from Kelsey Hightower of Google. He will not only address the fundamentals of the Zero Trust approach but will show you how to “roll your own” service mesh by stitching together a powerful set of open source projects. The lineup also includes Department of Commerce CIO André Mendes, NIST Fellow Dr. Ronald Ross, Tetrate Founding Engineer Zack Butcher; an all-star panel on ZTA in Practice; interactive breakout sessions, and more.
What it is
ZTA and DevSecOps for Cloud-Native Applications, also known as the Multi-Cloud Conference, focuses on zero-trust architecture (ZTA) and security-oriented DevOps (DevSecOps) for running applications in the cloud – single-cloud, multiple cloud, and hybrid cloud.
The conference is co-hosted by the National Institute for Standards and Technology (NIST), which is part of the US Department of Commerce, and Tetrate, the company started by Istio founders to reimagine application networking for today’s hybrid environments. You can read the full conference agenda with talks and training from global leaders on service mesh and DevSecOps.
This is the third annual iteration of this conference; you can check out a recap of last year’s conference here, with video recordings available here.
What’s in it?
This conference focuses on architectures for application software, especially zero-trust architectures, intended to deliver more secure software. As the conference title suggests, using the right architecture is not enough; savvy, architecture-aware, and application-aware operations support is needed to maintain security at runtime.
The agenda shows the talk titles, including design basics, examples, case study descriptions, demos, and a panel discussion around using ZTA to deliver more secure computing. Featured speakers include André Mendes, Department of Commerce CIO; Kelsey Hightower, Principal Engineer Google Cloud; Ronald Ross, NIST Fellow; and Zack Butcher, Tetrate Founding Engineer.
When is it?
The conference features training on one afternoon and talks the following day, US East Coast time:
- Two and a half hours of training on Wednesday, Jan. 26th, from 12 noon – 2:30 pm EST (UTC-5)
- Five hours of talks on Thursday, Jan. 27th, from 11 am – 5:20 pm EST.
The training showcases a deployment of the US Department of Defense’s Platform One, which implements ZTA using Istio, Kubernetes, and other tools.
What does it cost?
Registration is just $35 and includes both training and talks.
There are two ways to request a free pass:
- You can request free attendance from the US Government by emailing mesh4cloud@nist.gov.
- You can request free attendance from Tetrate on the registration page by clicking Request a Free Pass and filling up the form.
Will there be recordings?
Recordings of the conference, excluding the live breakout sessions, will be released a few weeks after the conference. There are recordings from several of last year’s sessions here.
Why is NIST involved?
NIST is responsible for developing and promoting the Federal Information Processing Standards (FIPS) and ZTA standards, co-written by Tetrate, which use the technologies described in the conference. The federal government maintains and promotes a wide range of standards for use within the government and with companies, researchers, and others working with the government. These standards are then often used, as is or with modifications, outside of government, in America, and worldwide.
Why is Tetrate involved?
Tetrate works closely with NIST, the open source community, and others to develop relevant standards. Also, Tetrate offers a secure and supported version of Istio, a key technology used in zero-trust architectures, and Tetrate Service Bridge (TSB), a ZTA platform built on Istio, which you can run in the cloud or on-premises. TSB implements NIST’s groundbreaking access model, Next Generation Access Control.
About the Tetrate-NIST Partnership
Tetrate and NIST have collaborated over the last three years across multiple deliverables. Using NIST’s experience with cybersecurity and Tetrate’s expertise on secure service mesh, they have collaborated to produce US security standards for a distributed architecture:
- (SP 800-204A) Building Secure Microservices-based Applications Using Service-Mesh Architecture,
- (SP 800-204B) Attribute-based Access Control for Microservices-based Applications using a Service Mesh,
- (SP 800-204C) Implementation of DevSecOps for a Microservices-based Application with Service Mesh, and
- Implementation of Next Generation Access Control (NGAC), a superior authorization framework that’s more fine-grained than role-based access control (RBAC) and attribute-based access control (ABAC), in Tetrate’s products
Check out this page if you want to learn more about the NIST-Tetrate partnership.