Collab Summit 2016 has ended
Back To Schedule
Wednesday, March 30 • 1:40pm - 2:30pm
How Your Firewalls will Break in the World of Containers and Cloud Native - Christopher Lifienstolpe, Project Calico

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The new "cloud native" stack has many advantages for deploying
application stacks over previous models. One of the primary ones is
that it decouples the application from the underlying infrastructure
(not just the hardware, as virtualization does) rendering the
infrastructure as undifferentiated services to be consumed without
having to understand much about their specifics.

This fits very well with the very dynamic, ephemeral nature of
micro-service based application stacks. However, when we get to
security, there is a great consternation as to how to secure these new
environments, as the legacy models just will not cope with that same
dynamic, ephemeral environment. The reason - they tightly couple the
infrastructure with the application. If we've blown that apart for
all the other services, why keep the model for security.

There is another way, security should be defined by the application
itself, and managed as part of the application life-cycle, not as part
of the infrastructure. There has been a lot of work in the network
SIG in this area, and we'll explore it in this talk, and maybe even
extrapolate that work beyond the boundaries of the network.

The proposed audience is anyone who is designing or implementing a
cloud native or micro-services infrastructure and cares about securing
it (or at least has to deal with people who do). We will discuss how to tie security requirements and their enforcement to the application components themselves and the first steps down that road that are taking place in the network SIG. We'll also look further afield and discuss the implications and possibilities of using the same model beyond the network realm.


Christopher Liljenstolpe

Dir. Solutions Architecture, Metaswitch / Project Calico
Christopher is the original architect of Project Calico and one of the project's evangelists. In his day job, he's the director of solutions architecture at Metaswitch Networks. Prior to Calico/Metaswitch, he's designed and run some bio-informatics OpenStack clusters, done some SDN... Read More →

Wednesday March 30, 2016 1:40pm - 2:30pm PDT
Grand Sierra Ballroom B