A Multi-Cloud Framework for Zero-Trust Workload Authentication
By: Saurabh Deochake, Ryan Murphy, Jeremiah Gearheart
Potential Business Impact:
Lets workloads authenticate to cloud services without storing long-lived secrets.
Static, long-lived credentials for workload authentication create untenable security risks that violate Zero-Trust principles. This paper presents a multi-cloud framework using Workload Identity Federation (WIF) and OpenID Connect (OIDC) for secretless authentication. Our approach uses cryptographically verified, ephemeral tokens, allowing workloads to authenticate without persistent private keys and mitigating credential theft. We validate this framework in an enterprise-scale Kubernetes environment, where it significantly reduces the attack surface. The model offers a unified solution for managing workload identities across disparate clouds, enabling future implementation of robust, attribute-based access control.
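The exchange the abstract describes, as an added example that is not the paper's code: a cluster-side issuer mints a short-lived ES256 ID token for a workload, and a cloud provider's STS verifies the signature against the issuer's published key, pins the algorithm, checks issuer, audience and expiry, and only then maps the external subject to a cloud principal whose credential expires with the token. The issuer URL, audience, key id, service-account subject and principal name are assumed for illustration; the JWT/JWS encoding follows RFC 7515 and RFC 7519.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Claims carried by the workload's OIDC ID token (subset of RFC 7519 / OIDC Core).
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
}

type Credential struct{ Principal string; Expires time.Time } // what the STS returns: a principal bound to an expiry, never a long-lived key

// Federation is one cloud's WIF trust configuration: trusted JWKS (kid -> key), required audience, subject -> principal mapping.
type Federation struct {
	Issuer, Audience string
	Keys             map[string]*ecdsa.PublicKey
	Mapping          map[string]string
}

// MintToken is the cluster-side issuer (e.g. a projected service-account token): an ES256 JWT signed with the issuer's key.
func MintToken(priv *ecdsa.PrivateKey, kid string, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(c)
	input := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(body)
	h := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, priv, h[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // JWS ES256 signature: r || s, each left-padded to 32 bytes
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// Exchange is the STS side of WIF: verify signature, issuer, audience and expiry, then map the subject to a cloud principal.
func (f *Federation) Exchange(token string, now time.Time) (Credential, error) {
	parts := strings.Split(token, ".") // always has at least one element, so parts[0] is safe
	var hdr struct{ Alg, Kid string }  // encoding/json matches "alg"/"kid" case-insensitively
	if raw, err := base64.RawURLEncoding.DecodeString(parts[0]); len(parts) != 3 || err != nil || json.Unmarshal(raw, &hdr) != nil {
		return Credential{}, fmt.Errorf("malformed token")
	}
	pub := f.Keys[hdr.Kid]
	if hdr.Alg != "ES256" || pub == nil { // pin the algorithm: rejects "none" and alg confusion
		return Credential{}, fmt.Errorf("unsupported alg %q or unknown kid %q", hdr.Alg, hdr.Kid)
	}
	h := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 || !ecdsa.Verify(pub, h[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return Credential{}, fmt.Errorf("signature verification failed")
	}
	var c Claims // claims are trusted only now, after the signature check
	if raw, err := base64.RawURLEncoding.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &c) != nil {
		return Credential{}, fmt.Errorf("bad claims")
	}
	switch {
	case c.Iss != f.Issuer:
		return Credential{}, fmt.Errorf("untrusted issuer %q", c.Iss)
	case c.Aud != f.Audience: // a token minted for another cloud's STS must not work here
		return Credential{}, fmt.Errorf("audience %q is not this STS", c.Aud)
	case now.Unix() >= c.Exp:
		return Credential{}, fmt.Errorf("token expired")
	case f.Mapping[c.Sub] == "":
		return Credential{}, fmt.Errorf("no principal mapped for subject %q", c.Sub)
	}
	// The issued credential never outlives the ID token it was derived from.
	return Credential{Principal: f.Mapping[c.Sub], Expires: time.Unix(c.Exp, 0)}, nil
}

// NewDemo generates a fresh issuer key pair, a federation on "cloud A" that trusts it, and a
// fixed clock; every name here is assumed for the example, not taken from the paper.
func NewDemo() (*ecdsa.PrivateKey, *Federation, time.Time) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return priv, &Federation{
		Issuer:   "https://oidc.cluster.example.internal",
		Audience: "sts.cloud-a.example",
		Keys:     map[string]*ecdsa.PublicKey{"k1": &priv.PublicKey},
		Mapping:  map[string]string{"system:serviceaccount:payments:api": "payments-api@cloud-a"},
	}, time.Unix(1_700_000_000, 0)
}

func main() {
	priv, fed, now := NewDemo()
	tok, _ := MintToken(priv, "k1", Claims{Iss: fed.Issuer, Sub: "system:serviceaccount:payments:api", Aud: fed.Audience, Exp: now.Unix() + 600})
	fmt.Println(fed.Exchange(tok, now))
}
```

The order of checks is the point: nothing in the payload is read before the signature is verified against a key looked up by kid under a pinned algorithm, the audience check stops a token minted for one cloud from being replayed at another, and the workload never holds a private key, only a token that the STS cannot extend beyond its own exp. A production deployment would fetch the issuer's JWKS from its OIDC discovery document and add clock-skew tolerance and nbf/iat handling, which this example omits.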
Similar Papers
Establishing Workload Identity for Zero Trust CI/CD: From Secrets to SPIFFE-Based Authentication
Cryptography and Security
Secures computer programs from hackers.
Zero Trust Security Model Implementation in Microservices Architectures Using Identity Federation
Cryptography and Security
Makes computer programs safer by checking who's using them.
Identity Control Plane: The Unifying Layer for Zero Trust Infrastructure
Cryptography and Security
Secures computer access for people and programs.