WTF My MFA is MIA

How do authorization systems need to be built and made resilient for distributed infrastructure? We discuss why a single centralized authorization system is a fragile dependency for distributed edge infrastructure: if every node has to reach it before it can make a decision, an outage there takes the whole edge with it.

Everything we build has some element of a distributed component tree and a resiliency analysis in it, and we need to make sure that the authorization systems are included in that analysis.

We explored how you can make MFA more resilient, and how you can improve the security of authentication by building additional layers of trust based on observed behavior.

Transcript: otter.ai/u/KTg3WSqSKuswLIypoBwD4HyMzcA
Image: www.pexels.com/photo/hand-holdin…sh-drive-5474298/

Rob’s Hot Take:

In the April 28th Cloud 2030 Podcast, Rob Hirschfeld delves into the challenges of implementing two-factor authentication (2FA) in distributed infrastructures that rely on centralized authentication. The critical problem is building resilient systems that don’t depend solely on an external factor for authentication, given the potential impact on every service and component in the infrastructure. The discussion emphasizes the role of behavioral analysis in authentication: scrutinizing user behavior to establish trustworthiness, especially where full authentication is not available. The full conversation explores these aspects in depth and provides valuable insights for building resilient infrastructure. Join future discussions at the2030.cloud.
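One concrete shape for the "don't depend solely on the central service" idea, as an added example in Go (not code from the podcast, nor from any system the panel discussed): the central MFA service signs short-lived claims with an Ed25519 key; every edge node verifies them offline with only the public key; and when a token has expired while the central service is unreachable, the edge falls back to behavioral evidence it already holds (same device fingerprint as at MFA time, recent MFA) to grant read-only access for a bounded grace window. The token format, the field names, the eight-hour window, the device fingerprints and the dates are all constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Claims is what the central MFA service asserts once password + second factor succeed.
type Claims struct {
	Subject string    `json:"sub"`
	Device  string    `json:"dev"` // device fingerprint observed when MFA was done
	MFAAt   time.Time `json:"mfa"` // when the second factor was last checked
	Expires time.Time `json:"exp"`
}

// Issue runs only on the central service, which alone holds the signing key.
func Issue(priv ed25519.PrivateKey, c Claims) string {
	body, _ := json.Marshal(c) // only string and time fields: Marshal cannot fail here
	enc := base64.RawURLEncoding.EncodeToString
	return enc(body) + "." + enc(ed25519.Sign(priv, body))
}

// Parse needs only the public key, so an edge node checks tokens with no network round trip.
func Parse(pub ed25519.PublicKey, tok string) (c Claims, err error) {
	b64Body, b64Sig, ok := strings.Cut(tok, ".")
	body, errB := base64.RawURLEncoding.DecodeString(b64Body)
	sig, errS := base64.RawURLEncoding.DecodeString(b64Sig)
	if !ok || errB != nil || errS != nil || !ed25519.Verify(pub, body, sig) {
		return c, fmt.Errorf("token rejected")
	}
	return c, json.Unmarshal(body, &c)
}

// Request is what the edge node can observe locally about the caller.
type Request struct {
	Device    string // fingerprint of the device making this call
	Scope     string // "read" or "admin"
	CentralUp bool   // is the central MFA service reachable right now?
	Now       time.Time
}

type Decision string

const (
	Allow         Decision = "allow"
	AllowDegraded Decision = "allow-degraded" // read-only, granted on behavioral evidence
	Reauth        Decision = "reauth"         // send the user back to the central service
	Deny          Decision = "deny"
)

const graceWindow = 8 * time.Hour // how long an outage may extend a session on behavior alone

// Authorize is the edge-side policy: only the "expired token during an outage" branch
// relies on behavioral trust, and that branch never grants more than read scope.
func Authorize(pub ed25519.PublicKey, tok string, r Request) Decision {
	c, err := Parse(pub, tok)
	if err != nil || c.Device != r.Device {
		return Deny // forged/garbled token, or one replayed from a device MFA never saw
	}
	if r.Now.Before(c.Expires) {
		return Allow // normal path: no dependency on the central service at all
	}
	if r.CentralUp {
		return Reauth // token expired and the MFA service is up: renew properly
	}
	if r.Scope == "read" && r.Now.Sub(c.MFAAt) < graceWindow {
		return AllowDegraded // outage: same device, recent MFA, read-only
	}
	return Deny
}

// Scenarios runs the policy over constructed requests; keys are generated fresh each run.
func Scenarios() map[string]Decision {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // errors only if crypto/rand is broken
	_, rogue, _ := ed25519.GenerateKey(rand.Reader)  // attacker's key; the edge never trusts it
	t0 := time.Date(2021, 4, 28, 9, 0, 0, 0, time.UTC)
	claims := Claims{Subject: "alice", Device: "laptop-7f3a", MFAAt: t0, Expires: t0.Add(time.Hour)}
	tok, forged := Issue(priv, claims), Issue(rogue, claims)
	at := func(d time.Duration, up bool, scope, dev string) Request {
		return Request{Device: dev, Scope: scope, CentralUp: up, Now: t0.Add(d)}
	}
	return map[string]Decision{
		"fresh":                Authorize(pub, tok, at(30*time.Minute, true, "admin", "laptop-7f3a")),
		"fresh-other-device":   Authorize(pub, tok, at(30*time.Minute, true, "read", "unknown-phone")),
		"expired-central-up":   Authorize(pub, tok, at(2*time.Hour, true, "read", "laptop-7f3a")),
		"expired-outage-read":  Authorize(pub, tok, at(2*time.Hour, false, "read", "laptop-7f3a")),
		"expired-outage-admin": Authorize(pub, tok, at(2*time.Hour, false, "admin", "laptop-7f3a")),
		"expired-outage-stale": Authorize(pub, tok, at(12*time.Hour, false, "read", "laptop-7f3a")),
		"forged":               Authorize(pub, forged, at(30*time.Minute, true, "read", "laptop-7f3a")),
	}
}

func main() { fmt.Println(Scenarios()) }
```

The rows worth comparing are expired-outage-read (degraded allow) against expired-outage-admin and expired-outage-stale (deny). The policy only ever tightens: a forged or device-mismatched token is denied before any behavioral reasoning happens, admin scope always requires an unexpired token, and the degraded path is bounded by how recently the second factor was actually checked.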

Certificate Management (Let’s Encrypt Expiry)

Understanding and managing certificates is a critical operational skill. We cover the basics and then go deeper.

If you are familiar with HTTPS (SSL/TLS), you are using certificates on a daily basis. And yet the actual management of trust and root CAs, distributing public keys, and protecting private keys is tricky.

Even our expert panel still struggles to follow what is going on. One of the challenges is education: helping people understand what they are actually getting from certificates and trust, and what they are not getting.

Transcript: otter.ai/u/CpGE5ybdVqiIlfoNqMIknTsLId4
Photo by Andres Ayrton from Pexels [ID 6551298]
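To make the "what you get and what you don't get" point concrete, here is an added example built on Go's standard crypto/x509 package (not code from the podcast): it issues a root, an intermediate and a leaf, then runs the checks a TLS client runs. The chain is deliberately shaped so the root in the trust store expires while the site certificate is still valid, and it shows that the remedy is a newer self-signed root for the same key in the client's trust store, not a new server certificate. The CA names, hostnames, the date T0 and every validity period are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const day = 24 * time.Hour

var T0 = time.Date(2021, 9, 1, 0, 0, 0, 0, time.UTC) // constructed "today" for every validity period below

// PKI is a root -> intermediate -> leaf chain; the root key is kept so the root can be reissued.
type PKI struct {
	Root, Inter, Leaf *x509.Certificate
	rootKey           *ecdsa.PrivateKey
}

// must keeps the example short; a real issuer would propagate these errors.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sign issues tmpl for pub, signed by signer; passing tmpl as its own parent makes it self-signed.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

func caTemplate(serial int64, cn string, notBefore, notAfter time.Time) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notAfter, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

// Build creates a chain whose ROOT expires 60 days after T0 while the LEAF runs for 90 days:
// the shape of the problem when a trust-store root ages out underneath a still-valid site cert.
func Build() *PKI {
	rootKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	interKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	rootTmpl := caTemplate(1, "Example Root CA", T0.Add(-10*365*day), T0.Add(60*day))
	root := sign(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	interTmpl := caTemplate(2, "Example Intermediate CA", T0.Add(-365*day), T0.Add(3*365*day))
	inter := sign(interTmpl, root, &interKey.PublicKey, rootKey)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3), Subject: pkix.Name{CommonName: "www.example.test"},
		DNSNames:  []string{"www.example.test"}, // the name a client checks against
		NotBefore: T0.Add(-day), NotAfter: T0.Add(90 * day), // automated-CA style 90-day lifetime
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf := sign(leafTmpl, inter, &leafKey.PublicKey, interKey)
	return &PKI{Root: root, Inter: inter, Leaf: leaf, rootKey: rootKey}
}

// RenewRoot reissues the self-signed root for the SAME key with a later expiry. Nothing on the
// server changes; the remedy is entirely a trust-store update on the client side.
func (p *PKI) RenewRoot(notAfter time.Time) *x509.Certificate {
	tmpl := caTemplate(4, "Example Root CA", p.Root.NotBefore, notAfter)
	return sign(tmpl, tmpl, &p.rootKey.PublicKey, p.rootKey)
}

// Verify does what a TLS client does: the trust store holds root, the server presents
// leaf + intermediate, and the chain must be valid for host at the given time.
func Verify(root *x509.Certificate, p *PKI, host string, at time.Time) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(p.Inter)
	_, err := p.Leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: host, CurrentTime: at})
	return err
}

// Scenarios maps each case to nil (chain accepted) or the verifier's error.
func Scenarios() map[string]error {
	p := Build()
	renewed := p.RenewRoot(T0.Add(10 * 365 * day))
	later := T0.Add(70 * day) // root expired 10 days ago; the leaf still has 20 days left
	return map[string]error{
		"today":               Verify(p.Root, p, "www.example.test", T0),
		"wrong-host":          Verify(p.Root, p, "mail.example.test", T0),
		"root-expired":        Verify(p.Root, p, "www.example.test", later),
		"trust-store-updated": Verify(renewed, p, "www.example.test", later),
	}
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-20s %v\n", name, err) // <nil> means the chain was accepted
	}
}
```

What a valid chain gives you: a key that your trust store already trusts vouched for exactly that name, for a stated period. What it does not give you: anything about the service behind the name, and no protection against your own trust store going stale. In the root-expired case the server's certificate is perfectly good and renewing it changes nothing; only the client side (trust-store-updated) can fix it.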

A Peak Of Trustability?

“The peak of trustability” came up during our discussion of trust in general. We really unwound what trust means, starting from simple concepts like credentials, certificates, and other security items.

We got to a point where trust is also about the software supply chain! Security includes how well you keep up with changes and what the latest versions are. Then we realized that trust has an important time value: you don’t trust initially, you build trust, and then you lose trust.

This creates a “peak of trustability” concept that I hadn’t heard articulated before. I think it is really important in understanding trust in a broader sense, especially when we think about Zero Trust. That’s not the end. It’s an end point, and it’s also a starting point for building interconnections and relationships with people and tech.

Transcript: otter.ai/u/TNRiua5DxzsdR3Yh0eEjRJ45FB0
Photo by cottonbro from Pexels