Rootconf 2025 Annual Conference - 16th and 17th May

On platforms, distributed data systems & security

Rohit Raveendran

@rrr0hit

Platform-Led Zero Trust Service Networking for FinTech

Submitted Apr 4, 2025

Title

Platform-Led Zero Trust Service Networking for FinTech


Abstract

Imagine a world where developers simply describe their workloads—and the platform guarantees a Zero-Trust networking setup. This session shows how we built exactly that for a fintech organization, using service mesh for mTLS authentication, Istio AuthorizationPolicies for precise traffic control, and Open Policy Agent (OPA) to enforce compliance automatically and early in the delivery process.


Description

In fintech and other regulated environments, securing service-to-service and internet-bound communication is essential—but relying on teams to configure mTLS, authorization rules, and firewall policies doesn’t scale and often breaks down in practice.

In this session, we show how we built a Zero-Trust networking model into the platform itself. Developers define workloads declaratively, including the services they need to communicate with. The platform takes over from there:
  • Istio enforces mTLS, giving every service a cryptographic identity and encrypting all traffic between services
  • Istio AuthorizationPolicies define and enforce which services may talk to which, based on workload identity rather than IP address
  • OPA validates compliance both for the declared workloads (the current state) and for the change about to be deployed, so enforcement is continuous and proactive rather than a one-off review

All of this is delivered through GitOps pipelines—making secure, compliant infrastructure the default without slowing down teams or increasing operational friction.
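The three steps above (developer intent in, mTLS plus identity-based authorization out, a policy gate over the change before it ships) are concrete enough to sketch in code. The following is an added illustration, not code from the talk or its authors: a toy "platform" step in Python that takes a constructed declarative workload spec, renders the Istio PeerAuthentication and AuthorizationPolicy manifests the developer never has to write, and then runs the kind of compliance check the talk delegates to OPA. The workload-spec format, the `app` label used as the selector, and the `cluster.local` trust domain are assumptions made here; the resource shapes follow Istio's `security.istio.io/v1` API, and the check is plain Python standing in for Rego so the example runs stand-alone.

```python
"""Added example (not from the talk or its authors): declarative workload intent
-> Istio mTLS + identity-based AuthorizationPolicy -> pre-deploy compliance gate.
The spec format below is invented for illustration; Istio resource shapes are real."""
from __future__ import annotations
from typing import Any

CLUSTER_DOMAIN = "cluster.local"  # Istio's default trust domain (assumption)

# Constructed sample: the developer says what the service is and who may call it.
PAYMENTS_SPEC: dict[str, Any] = {
    "name": "payments",
    "namespace": "fintech",
    "serviceAccount": "payments-sa",
    "ports": [8443],
    "allowFrom": [
        {"namespace": "fintech", "serviceAccount": "checkout-sa"},
        {"namespace": "ledger", "serviceAccount": "reconciler-sa"},
    ],
}


def spiffe_principal(namespace: str, service_account: str) -> str:
    """Workload identity in the form Istio expects in AuthorizationPolicy `principals`."""
    return f"{CLUSTER_DOMAIN}/ns/{namespace}/sa/{service_account}"


def render_manifests(spec: dict[str, Any]) -> list[dict[str, Any]]:
    """Derive a STRICT PeerAuthentication and an identity-based ALLOW policy.
    Developers express intent (allowFrom); the platform owns the enforcement objects."""
    selector = {"matchLabels": {"app": spec["name"]}}  # label convention is an assumption
    peer_auth = {
        "apiVersion": "security.istio.io/v1",
        "kind": "PeerAuthentication",
        "metadata": {"name": f"{spec['name']}-mtls", "namespace": spec["namespace"]},
        "spec": {"selector": selector, "mtls": {"mode": "STRICT"}},
    }
    principals = sorted(
        spiffe_principal(c["namespace"], c["serviceAccount"]) for c in spec["allowFrom"]
    )
    authz = {
        "apiVersion": "security.istio.io/v1",
        "kind": "AuthorizationPolicy",
        "metadata": {"name": f"{spec['name']}-allow", "namespace": spec["namespace"]},
        "spec": {
            "selector": selector,
            "action": "ALLOW",
            "rules": [{
                "from": [{"source": {"principals": principals}}],
                "to": [{"operation": {"ports": [str(p) for p in spec["ports"]]}}],
            }],
        },
    }
    return [peer_auth, authz]


def compliance_violations(manifests: list[dict[str, Any]]) -> list[str]:
    """Policy-as-code gate over the change about to be deployed (the role OPA plays
    in the talk's pipeline). Returns human-readable findings; empty means compliant."""
    findings: list[str] = []
    for m in manifests:
        name = f"{m['metadata']['namespace']}/{m['metadata']['name']}"
        spec = m.get("spec", {})
        if m["kind"] == "PeerAuthentication":
            mode = spec.get("mtls", {}).get("mode")
            if mode != "STRICT":
                findings.append(f"{name}: mTLS mode must be STRICT, found {mode!r}")
        elif m["kind"] == "AuthorizationPolicy" and spec.get("action", "ALLOW") == "ALLOW":
            for rule in spec.get("rules") or []:
                sources = [f.get("source", {}) for f in rule.get("from") or []]
                if not sources:  # an ALLOW rule with no `from` admits any caller
                    findings.append(f"{name}: ALLOW rule without a `from` clause permits any caller")
                for src in sources:
                    if "ipBlocks" in src or "remoteIpBlocks" in src:
                        findings.append(f"{name}: callers must be identified by principal, not IP")
                    elif not src.get("principals"):
                        findings.append(f"{name}: source must name workload principals")
    return findings


# Constructed non-compliant change, as a hand-edited manifest might arrive in a PR.
NONCOMPLIANT_CHANGE: list[dict[str, Any]] = [
    {"apiVersion": "security.istio.io/v1", "kind": "PeerAuthentication",
     "metadata": {"name": "legacy-mtls", "namespace": "fintech"},
     "spec": {"mtls": {"mode": "PERMISSIVE"}}},
    {"apiVersion": "security.istio.io/v1", "kind": "AuthorizationPolicy",
     "metadata": {"name": "legacy-allow", "namespace": "fintech"},
     "spec": {"action": "ALLOW",
              "rules": [{"from": [{"source": {"ipBlocks": ["10.0.0.0/8"]}}]}]}},
]

if __name__ == "__main__":
    rendered = render_manifests(PAYMENTS_SPEC)
    print("generated:", [m["kind"] for m in rendered], "violations:", compliance_violations(rendered))
    print("hand-edited change violations:", compliance_violations(NONCOMPLIANT_CHANGE))
```

In a GitOps flow the gate runs twice, as the talk's third bullet describes: once over the declared specs (so a developer cannot declare a PERMISSIVE service), and once over the rendered change set in the pull request (so a hand-edited manifest that bypasses the generator is caught before reconciliation). Running this file shows a clean result for the generated manifests and two findings for the hand-edited change.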


Attendees Will Learn

  • How to implement Zero-Trust networking for service communication using service mesh, mTLS, and Istio AuthorizationPolicies
  • How declarative workload definitions can express access intent while abstracting enforcement
  • How OPA is used to validate both current state and incoming changes for continuous compliance
  • How GitOps pipelines enable automated, auditable, and secure deployments
  • How platform engineering eliminates manual security gates while preserving strong policy guarantees

In-person conference
