Cloud Native Security Glossary

• SPIFFE: Secure Production Identity Framework For Everyone — CNCF standard for workload identity.
• SPIRE: SPIFFE Runtime Environment — production implementation that issues and manages workload identities.
• Zero Trust: Security architecture: never trust, always verify. Every request authenticated regardless of network location.
• Workload Identity: Cryptographic identity for services and containers — replaces shared secrets and API keys.
• mTLS: Mutual TLS — both client and server verify certificates. Foundation of Zero Trust communication.
• SVID: SPIFFE Verifiable Identity Document — X.509 certificate or JWT proving workload identity.
• OPA: Open Policy Agent — CNCF policy engine for policy-as-code with Rego language.
• Falco: CNCF runtime security tool — monitors syscalls and alerts on suspicious container behavior.
• Service Mesh: Infrastructure layer of sidecar proxies handling mTLS, load balancing, and observability.
• Sigstore: Keyless container image signing and verification for supply chain security.