Secure Service Mesh: Share your opinion on policy governance!

What to do with policies on “Intentions” for an effective Service Mesh implementation?

DevSecOps advocates like yourself are probably familiar with the following enigma:

Governance of policies regarding Secure DevOps: leave it with security officers, operations or developers? We would really appreciate it if you allowed us to collect your opinion here!

What prompted us to ask you?

Securing services with a Service Mesh

At DevSecOp-NL’s meetup of December 10, 2019, HashiCorp’s Erik Veld explained the rationale behind service mesh solutions.

You can find his presentation and the GitHub repo for his demo here.

Lateral Movement Attacks

Dynamic environments force a rethink of security risk management. One challenge is keeping constant, effective control over changing IP addresses and ingress ports. Failure leads to attackers getting hold of one asset within a network and then spreading their reach from that device to others within the same network.

Preventing such ‘Lateral Movement Attacks’ takes considerable effort. To control Open Network Access and Service Segmentation in dynamic environments, new architectural approaches need to be considered, such as Service Mesh.

Erik Veld explained the concept of Network/Service segmentation with intentions describing the policy of relations between segments/services (“Web-App is allowed to talk to Order-History”).
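To make the effect of intentions on lateral movement concrete, here is an added example (not taken from Erik Veld's presentation or from HashiCorp code) that evaluates a small intention set and computes which services a foothold on Web-App could reach by chaining allowed hops. Only the "web-app to order-history" rule comes from the text above; the other services, the rules and the precedence order are assumptions.

```python
from collections import deque

# Constructed intention set. Only "web-app -> order-history" comes from the
# page; the other services and rules are assumptions for illustration.
INTENTIONS = [
    ("web-app", "order-history", "allow"),
    ("order-history", "orders-db", "allow"),
    ("*", "payments", "deny"),
    ("billing", "payments", "allow"),
]
SERVICES = {"web-app", "order-history", "orders-db", "billing", "payments"}


def is_allowed(source, destination, intentions=INTENTIONS, default="deny"):
    """Decide one connection: most specific matching rule wins, else default."""
    best = None
    for src, dst, action in intentions:
        if src in (source, "*") and dst in (destination, "*"):
            # Assumed precedence: exact names outrank wildcards, and an exact
            # destination outranks an exact source.
            score = (dst != "*") * 2 + (src != "*")
            if best is None or score > best[0]:
                best = (score, action)
    return (best[1] if best else default) == "allow"


def reachable_from(start, intentions=INTENTIONS, default="deny"):
    """Services a foothold on `start` can reach by chaining allowed hops."""
    seen, queue = set(), deque([start])
    while queue:
        current = queue.popleft()
        for candidate in SERVICES - seen - {start}:
            if is_allowed(current, candidate, intentions, default):
                seen.add(candidate)
                queue.append(candidate)
    return seen


if __name__ == "__main__":
    # Compare the blast radius of one compromised service under both defaults.
    print("default deny :", sorted(reachable_from("web-app")))
    print("default allow:", sorted(reachable_from("web-app", default="allow")))
```

With a default-allow mesh, the explicit deny on payments is bypassed through billing, which is why whoever owns the intentions also has to own the default.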

Who should manage these intentions, according to you? Let us know! We will gladly share the insights from your collective answers!

Erik Veld is a Developer Advocate at HashiCorp. As a liaison between the HashiCorp product owners and communities of dev, sec and ops practitioners, he is a frequent speaker at worldwide events.