The future of workload identity and zero-trust security isn’t a new idea, it’s about finally enforcing first principles that have been proven for decades. From the earliest multi-user systems and cryptographic authentication models of the 1960s to virtualization, federated identity, and workload attestation, every security breakthrough has been a rediscovery of how to verify execution integrity without implicit trust.
We explore the key milestones in workload identity’s evolution, from Needham-Schroeder (1978) and Kerberos (1983) to modern confidential computing (SGX, SEV, CCA) and federated workload identity (SPIFFE, Workload Identity Federation). We’ll break down why zero-trust workloads are a return to these fundamental principles, now made scalable through modern computing.
By the end of this talk, you will have a clear understanding of why zero-trust is not a new paradigm but a return to fundamental security models, and how historical breakthroughs in cryptography and workload isolation shape today’s cloud security.
We explore the key milestones in workload identity’s evolution, from Needham-Schroeder (1978) and Kerberos (1983) to modern confidential computing (SGX, SEV, CCA) and federated workload identity (SPIFFE, Workload Identity Federation). We’ll break down why zero-trust workloads are a return to these fundamental principles, now made scalable through modern computing.
By the end of this talk, you will have a clear understanding of why zero-trust is not a new paradigm but a return to fundamental security models, and how historical breakthroughs in cryptography and workload isolation shape today’s cloud security.
Agentic workflows have been gaining in popularity and while the industry has been coming to grasp how to adopt these types of patterns, it is essential that secure practices are inherent in the overall design. Answers to questions such as how are the interactions between these systems controlled and managed for human and machine actors, as well as how credentials are handled so that they are stored and properly rotated, must be addressed. Failing to provide answers to each of these questions and more represents a departure from existing research and experience related to zero-trust methodologies.
In this session, we will explore a practical approach to securing agentic workflows, from initial user authentication to machine-to-machine communication across AI agents and tools. Using industry standards like OAuth2 transaction tokens and SPIFFE/SPIRE workload identity, we’ll show how to enforce least privilege and build a production-ready security model for agentic AI.
Expect real-world insights, actionable takeaways, and a deep dive into securing the next generation of AI-driven systems.
In this session, we will explore a practical approach to securing agentic workflows, from initial user authentication to machine-to-machine communication across AI agents and tools. Using industry standards like OAuth2 transaction tokens and SPIFFE/SPIRE workload identity, we’ll show how to enforce least privilege and build a production-ready security model for agentic AI.
Expect real-world insights, actionable takeaways, and a deep dive into securing the next generation of AI-driven systems.
You are building containerized applications and are thinking about your universal identity strategy as you set up secure communication between AWS , on-premises, and other cloud environments. End-to-end security requires both authentication and encryption in transit.
In this session, you will learn about using universal identities to connect to AWS and implement comprehensive Encryption in transit for Kubernetes applications using AWS Private CA and cert-manager. We will discuss theory and provide demos.
This session is useful for security engineers and Kubernetes operators looking to enhance their Kubernetes application's security posture while maintaining operational excellence.
In this session, you will learn about using universal identities to connect to AWS and implement comprehensive Encryption in transit for Kubernetes applications using AWS Private CA and cert-manager. We will discuss theory and provide demos.
This session is useful for security engineers and Kubernetes operators looking to enhance their Kubernetes application's security posture while maintaining operational excellence.
We’ve spent the last 30 years relying on firewalls to protect our perimeter. With the rise of multi-cloud, edge computing, and AI agents, the way we think about securing our workloads is rapidly evolving.
In this panel session hear from Enterprise Security leaders, and how they plan to use identity to help them secure the future of their businesses.
In this panel session hear from Enterprise Security leaders, and how they plan to use identity to help them secure the future of their businesses.
Hosts:
Matt Barker
VP & Global Head, Workload Identity Architecture,
CyberArk
Mattias Gees
Director of Tech Workload Identity,
CyberArk
Want to speak?
We have yet to announce speakers, but we’d love for you to mark your calendars, and register for the event below. Are you interested in speaking at the Workload Identity Day Zero event and sharing your experience? If so, send your talk proposal to [email protected].
Location:
We welcome you to East London's Curzon Aldgate cinema, just a few bus stops away from the KubeCon Europe 2025 location.
Directions from KubeCon Europe 2025 (ExCeL) to Curzon Aldgate, and back:
- ExCeL London --> Curzon Aldgate: click here
- Curzon Aldgate --> ExCeL London: click here
