EP166 Workload Identity, Zero Trust and SPIFFE (Also Turtles!)

Guests:

• Evan Gilman, co-founder CEO of Spirl

• Eli Nesterov, co-founder CTO of Spril

Topics:

• Today we have IAM,  zero trust and security made easy. With that intro, could you give us the 30 second version of what a workload identity is and why people need them? 

• What’s so spiffy about SPIFFE anyway? 

• What’s different between this and micro segmentation of your network–why is one better or worse? 

• You call your book “solving the bottom turtle” could you tell us what that means?

• What are the challenges you’re seeing large organizations run into when adopting this approach at scale? 

• Of all the things a CISO could prioritize, why should this one get added to the list? What makes this, which is so core to our internal security model–ripe for the outside world?

• How people do it now, what gets thrown away when you deploy SPIFFE? Are there alternative?

• SPIFFE is interesting, yet can a startup really “solve for the bottom turtle”? 

Resources:

• SPIFFE  and Spirl

• “Solving the Bottom Turtle” book [PDF, free]

• “Surely You're Joking, Mr. Feynman!” book [also, one of Anton’s faves for years!]

• “Zero Trust Networks” book

• Workload Identity Federation in GCP