TalksAWS re:Invent 2025 - Zero Trust: The Blueprint for Securing AI-Powered SDLC (AIM218)

AWS re:Invent 2025 - Zero Trust: The Blueprint for Securing AI-Powered SDLC (AIM218)

Zero Trust: The Blueprint for Securing AI-Powered SDLC

Overview

  • Presentation by Brian Lazir, Product Manager for Zscaler's Zero Trust Cloud portfolio
  • Covers how Zscaler helps customers protect their workloads and workload traffic in cloud environments
  • Focuses on transforming application architectures and networking/security approaches to enable zero trust principles

Transitioning from Traditional to Zero Trust Architectures

  • Traditional "castle and moat" model centralizes user access and traffic, creating rigidity and vulnerability
  • Zscaler enables a shift to a zero trust model with:
    • Direct access for users and workloads to needed applications and resources
    • Strong identity-based authentication and authorization
    • Granular control and visibility down to the process level

Zscaler Zero Trust Cloud Capabilities

  1. Zero Trust Gateway:

    • Secures workload traffic within and across cloud environments (VPC-to-VPC, egress to internet, ingress from internet, etc.)
    • Leverages Zscaler's cloud-based "Zero Trust Exchange" for high-scale inspection and policy enforcement
    • Supports AWS tags, JSON Web Tokens, and other identity-based controls

  2. Zscaler Micro-Segmentation:

    • Host-based agent that provides micro-flow visibility and granular micro-segmentation controls
    • Supports VMs, EC2 instances, and container environments like EKS
    • Integrates with CMDB and leverages eBPF for Kubernetes-native deployment

Technical Details

  • Zero Trust Gateway:
    • Leverages AWS Gateway Load Balancer for regional, multi-AZ deployment
    • Supports east-west, egress, and ingress traffic patterns
    • Integrates Zscaler's ZIA (Internet Access) and ZPA (Private Access) capabilities
  • Micro-Segmentation:
    • User-space agent that programs native OS firewalls (Windows, Linux)
    • Provides cluster-level and node-level controls for container environments
    • Includes discovery service to map all workloads and traffic flows

Business Impact and Use Cases

  • Enables secure, direct access for developers to AI/ML development environments (e.g. Anthropic's Delphi)
  • Protects access to private applications (e.g. Jira, Confluence) and public resources (e.g. Git, Stack Overflow)
  • Consolidates legacy network security components (firewalls, VPNs) with zero trust alternatives
  • Provides granular visibility and control over "crown jewel" applications and workloads

Customer Examples

  • Customers using Zscaler to secure AI-powered SDLC environments, including access to public and private resources
  • Achieving benefits like prompt-based application development, API call support, and augmented data retrieval

Key Takeaways

  • Zscaler enables a zero trust architecture for securing cloud workloads and user access
  • Capabilities span network security (Zero Trust Gateway) and micro-segmentation for granular control
  • Helps customers transform legacy architectures, reduce costs, and improve security posture
  • Integrates with cloud-native technologies (tags, tokens, eBPF) for identity-based policies
  • Supports a wide range of use cases, from AI/ML development to protecting "crown jewel" applications

Your Digital Journey deserves a great story.

Build one with us.

Cookies Icon

This website stores cookies on your computer.

These cookies are used to collect information about how you interact with this website and allow us to remember you. We use this information to improve and customize your browsing experience, as well as for analytics.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference.