Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

ZTA and DevSecOps for Cloud Native Applications (virtual)

A recording of Joe Skorupa's presentation is available on Gartner's website at:

Third Annual Multi-Cloud Conference and Workshop (Virtual) 

Co-Hosted by NIST and Tetrate

Download the Agenda (PDF)

This year’s Multi-Cloud Conference co-hosted by NIST and Tetrate will focus on DevSecOps and ZTA as foundational approaches to development, deployment, and operational phases for achieving high-assurance cloud native applications. Featured speakers will include: Kelsey Hightower, Principal Engineer, Google Cloud; André Mendes, Department of Commerce CIO; Zack Butcher, Tetrate Founding Engineer; and NIST Fellow, Ronald Ross. 

The latest generation of cloud native applications often consists of a collection of microservices that could be distributed and deployed across a heterogeneous infrastructure (on-premises, public cloud, containerized, running on virtual machines, etc). With the proliferation of DevSecOps, a service mesh has proven to provide the desired bridge between infrastructure and microservices to transparently add security, connectivity, observability, and reliability without any additional code. Service mesh plays a critical role in the incorporation of zero trust design principles and in the adoption of the DevSecOps paradigm that are essential to high operational assurances for this class of applications.

This conference will feature presentations by domain experts, practitioners, and thought leaders in DevSecOps and Zero Trust Architecture (ZTA) deployments, as well as demonstrations of proof-of-concept use cases in multi-cloud environments. Presentations will address the following:

  • ZTA guiding principles and approaches for workflow, system design, and operations through DevSecOps pipelines, authentication and authorization frameworks, and continuous monitoring
  • NIST’s latest guidance on DevSecOps and security engineering practices
  • The role of automation in operational security
  • The benefits of prescribed approaches, such as prevention of configuration drift and continuous authority to operate 

Entrepreneurs, students, and cybersecurity professionals are encouraged to attend!

Download the Agenda (PDF)

Interactive Training with Envoy & Istio

Wednesday, January 26, 2022 from 12:00 - 2:30 PM Eastern Time (UTC-5) 

Join a day early for a deep-dive, 2.5-hour training.

In this session we’ll showcase a real-life deployment implementing Zero Trust Architecture, by deploying and describing the Platform One stack. This training will demonstrate how and why to use these tools to solve the challenges of security, observability, networking, and multi-cloud. We’ll walk through a real Platform One deployment showcasing the use of Istio, Kubernetes, and other tools to build in-app and user-level security permissions, encryption in transit, enhanced identity and access controls, and provide runtime observability required to achieve a zero trust platform in practice. Throughout, you’ll have experts in the room to answer questions.

Familiarity with Kubernetes, Istio or service mesh, and Platform One will be helpful for attendees.

Topics include:

  • Traffic management and resilient communication between services
  • Policy enforcement and rate limiting
  • Telemetry, monitoring, and reporting
  • Securing communication between microservices
  • Canary deployment
  • Secure compute and runtime controls with a service mesh
  • Cluster management
  • Deploying a service mesh across heterogeneous, multi-cloud enterprise environments




Created November 26, 2021, Updated April 4, 2022