Edge trusting is dead, long live Zero Trust.
We were used to deal with `edge security` , direct integration with IDPs using different libraries, also dealing with certificates, SSL, securing the point of entrance to our system, and after that.... well, if you are in the system is because you are allowed to ...... or not ?
Nowadays CVEs, massive attacks, are common .... for sure you remember some recent cases ....don't you ?
So, the idea of protecting only the most external layer of our system , based on the idea that nobody can be in the system if that gate has not been successfully passed, is no longer valid.
In this session I will share my knowledge on protecting K8s and VMs clusters following the ZeroTrust approach, covering concepts like : Zero Trust security, SSL transport, Observability, Authz and Authn , and everything without touching a single line of our Java ( Quarkus ) microservices and how to change that configuration without telling a word to the app developer.