Defending the Perimeter: Patterns for Secure External Event Exchange
Breakout Session
In the era of the "Connected Enterprise," data doesn't just stay inside your private network. You need to share real-time logistics with partners, stream live telemetry to mobile apps, and ingest events from third-party vendors. However, exposing your Kafka brokers directly to the internet is a major security risk. Traditional firewalls and REST-based API Gateways are ill-equipped to handle the persistent, bi-directional, and high-throughput nature of event streams.
This session introduces the concept of the "Event Perimeter"—a dedicated architectural layer designed to facilitate secure event exchange. We will analyze the Event Gateway as a "Smart DMZ" that provides an air-gap between your internal event mesh and the outside world. We will dive deep into technical patterns for Zero Trust Streaming, including how to move authentication and authorization logic from the broker level to the edge.
A significant portion of the talk will focus on Policy Enforcement. We will demonstrate how to integrate an Event Gateway with ecosystem solutions to perform fine-grained "Content-Based Access Control." This allows you to dynamically redact PII fields or filter specific events based on the consumer's identity before the data crosses the perimeter. Whether you are dealing with GDPR compliance or simply protecting your brokers from accidental DDoS, this session provides a vendor-neutral framework for secure streaming.
Key Takeaways:
The Air-Gap Pattern: Architecting a "Smart Proxy" to isolate your internal Kafka clusters.
Fine-Grained Security: Using ecosystem solutions and the Gateway to redact sensitive data in real-time.
Operational Safety: Implementing rate limiting, quotas, and circuit breakers specifically designed for event-driven traffic.
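As an added illustration of the content-based access control step the abstract describes (this is not code from the session or from Kong), the following shows a gateway-side policy check that applies a per-consumer policy to each event before it leaves the perimeter: default-deny for unknown identities or ungranted topics, an event-level filter predicate, and redaction of nested PII fields on a copy so the internal event is never mutated. The policy table and events are constructed sample data.

```python
import copy
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class ConsumerPolicy:
    """What one external consumer identity is allowed to receive."""
    allowed_topics: set
    redact_fields: set = field(default_factory=set)   # dotted paths to redact
    allow_if: Optional[Callable[[dict], bool]] = None # event filter; None = all

# Constructed sample policy table keyed by the consumer identity the
# gateway established at the edge (e.g. from an mTLS cert or OAuth token).
POLICIES = {
    "partner-logistics": ConsumerPolicy(
        allowed_topics={"shipments"},
        redact_fields={"customer.email", "customer.phone"},
        allow_if=lambda e: e.get("region") == "EU",
    ),
    "internal-analytics": ConsumerPolicy(allowed_topics={"shipments", "telemetry"}),
}

def _redact(obj: dict, path: str) -> None:
    """Replace the value at a dotted path with a marker, in place."""
    *parents, leaf = path.split(".")
    for key in parents:
        obj = obj.get(key)
        if not isinstance(obj, dict):
            return          # path absent in this event: nothing to redact
    if leaf in obj:
        obj[leaf] = "[REDACTED]"

def enforce(consumer: str, topic: str, event: dict) -> Optional[dict]:
    """Return the event as the consumer may see it, or None if it is dropped."""
    policy = POLICIES.get(consumer)
    if policy is None or topic not in policy.allowed_topics:
        return None         # default deny: unknown identity or topic not granted
    if policy.allow_if is not None and not policy.allow_if(event):
        return None         # content-based filter rejected this event
    out = copy.deepcopy(event)  # redact a copy; the internal mesh copy is untouched
    for path in policy.redact_fields:
        _redact(out, path)
    return out

def filter_stream(consumer: str, topic: str, events: list) -> list:
    """Apply the policy to a batch of events, keeping only what may cross."""
    return [e for e in (enforce(consumer, topic, ev) for ev in events) if e is not None]
```

Rejected events are dropped silently here; a production gateway would also emit an audit event for each deny so the SOC can see policy hits per consumer.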
Hugo Guerrero
Kong