What Can Go Wrong When You Trust Nobody? Threat Modeling Zero Trust

This talk explores the principles of Zero Trust in the context of growing cloud-native adoption and hybrid architectures. It emphasizes understanding adversaries and implementing layered security controls. The session introduces fundamental threat modeling concepts for distributed cloud-native workloads, demonstrates a simple system built with Zero Trust principles using Istio service mesh within Kubernetes, showcases cryptographically strong workload identities from SPIFFE, and details how Istio External Authorization delegates decisions to OPA sidecars. Finally, it builds a threat model and introduces controls following the Zero Trust philosophy, including custom signing and verification of OPA bundles.