NIST 800-207A: Implementing Zero Trust Architecture

Zero Trust is all about replacing implicit trust based on perimeter security and network access with explicit trust based on identity and runtime authorization. This means authenticating and authorizing workloads in addition to end users, driving new patterns like identity-aware proxies and the service mesh for enforcing access.

Join Zack Butcher, co-author of NIST security standards for microservices, in a discussion of the forthcoming Special Publication 800-207A on a Zero Trust Architecture (ZTA) model for access control in cloud native applications in multi-location environments. We'll present a succinct and easy-to-understand definition of a "zero trust architecture" and discuss how a common use case—application communication from cloud to on-premises through a DMZ—can be simplified with identity aware proxies (and policy!), leading to improved security without sacrificing organizational agility.


Zack Butcher

Founding Engineer @Tetrateio & NIST co-author on security, prev core services @GoogleCloud

Zack is Principal and Founding Engineer at Tetrate, where he helps some of the largest enterprises in the world adopt Istio and Envoy. An early engineer building Istio at Google, he served on its Steering Committee and co-authored “Istio: Up and Running” (O'Reilly). He works with NIST and co-authored a series of Special Publications defining microservice security and zero trust standards. At Google Cloud Platform, Zack worked on its central resource hierarchy, service management, identity & access management systems, and Google’s internal mesh that Istio draws from.

Read more
Find Zack Butcher at:


Monday Oct 2 / 01:35PM PDT ( 50 minutes )


Ballroom BC


K8s Service Mesh Networking Zero Trust Security


From the same track

Session Serverless

AWS Lambda Under the Hood

Monday Oct 2 / 10:35AM PDT

AWS Lambda is a serverless compute service running at a massive scale! Supporting packages of up to 10GiB while allowing over 15K new containers per second (for a single customer) and serving millions of TPS across millions of unique workflows is a challenging problem.

Speaker image - Mike Danilov
Mike Danilov

Senior Principal Engineer @AWS Lambda

Session Distributed Systems

Managing 238M Memberships at Netflix

Monday Oct 2 / 02:45PM PDT

Have you ever wondered what goes on behind the scenes when you sit back, relax and watch Netflix? How does Netflix own and operate their system of record for all members making sure they continue to be in good standing and get the best experience possible?

Speaker image - Surabhi Diwan
Surabhi Diwan

Senior Software Engineer @Netflix


Unconference: Architectures You've Always Wondered About

Monday Oct 2 / 03:55PM PDT

What is an unconference? An unconference is a participant-driven meeting. Attendees come together, bringing their challenges and relying on the experience and know-how of their peers for solutions.

Session Recommender Systems

Unpacking how Ads Ranking Works @Pinterest

Monday Oct 2 / 05:05PM PDT

In this session, we delve into the dynamic world of social media advertising. Facebook, Snap, Pinterest, Twitter, and many others generate the majority of their revenue from targeted ads.

Speaker image - Aayush Mudgal
Aayush Mudgal

Senior Machine Learning Engineer @Pinterest, Focusing on Privacy Safe Recommender Systems, IIT Kanpur Alumnus

Session Database

Relational Data at the Edge

Monday Oct 2 / 11:45AM PDT

Data storage and access at the edge delivers massive performance gains by reducing location-sensitive latency.

Speaker image - Justin Kwan
Justin Kwan

Software Engineer Intern - iCloud Edge @Apple, Previously @Cloudflare

Speaker image - Vignesh Ravichandran
Vignesh Ravichandran

Engineering Manager @Cloudflare, Contributor to Postgres, Previously at Ticketmaster