Hi, welcome everyone. This talk is about scaling machine learning without compromising privacy and security. Thank you, CNCF, for giving me this opportunity, and thank you, audience, for your attention. My name is Nanda Vijaydev. I lead product management for the HPE Ezmeral container platform and machine learning ops. My background is in technology transformation at medium to large enterprises, specializing in big data and machine learning operations.

Over the next few minutes we will take a look at the complexities of the machine learning pipeline: what some of the possible touch points and areas of concern are, and what technologies are being used to mitigate risks and lower the exposure in machine learning pipelines.

This picture is from a famous paper by Google ("Hidden Technical Debt in Machine Learning Systems"), which talks about technical debt and the various stages of machine learning. Most people associate machine learning with algorithms, the ML code or the ML model itself, but there's a lot that happens before, during, and after. This may run on one or many Kubernetes clusters, depending on the deployments at customers. There are various actors, various personas, that interact with the different stages of the pipeline. There are services within Kubernetes, and Ingress for users to access those services. And there are also external entities.

If you look at this picture, it is a representative architecture of a large financial institution with a pretty large footprint of machine learning activities that happen across various systems and across different groups. You have data pre-processing done by your data engineers, then the actual machine learning process done by your data scientists, and then the deployment of a model. Without getting into the details here, what's of concern for us in the next few minutes is that there are several different processes, as you can see.
Beyond this perimeter, there is an edge attack surface, multiple different Kubernetes clusters, probably in different trust domains, and a number of different external systems that have to be accessed. For those who are familiar with security in Kubernetes: by default there's really no security enabled. So if you do a threat model for this, you can see the graph of how a user accesses the system, all the touch points they go through for various activities, and which services are talking to other services.

So you have users authenticating and authorizing to individual services. Then you have to establish trust between services, between tenants, and across sites if needed. Because external systems are accessed as part of this pipeline, you have an increased attack surface, especially with data access, and now you have privacy concerns here.

Our path to resolution is happening in multiple phases, using best-of-breed technologies such as LDAP and an OIDC connector, as you can see here, and mTLS between systems using JWT and SPIFFE identities. For reducing the attack surface, which is something we're paying special attention to, there are admission control, various pod security policies, and network controls. And for extended policies, such as limiting workloads to an authorized Docker registry and things like that, there are OPA Rego policies.

For phase two, there is experimentation going on to establish more transitive identity between users, services, and external resources that are outside of the Kubernetes network. And for federation between on-prem and cloud trust domains, we are looking at SPIFFE federation.

Thank you, and looking forward to seeing you on the other tracks.
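To make the LDAP/OIDC piece from the talk concrete, here is a minimal sketch of how OIDC token authentication is enabled on the Kubernetes API server. The issuer URL, client ID, and claim names are hypothetical placeholders, not values from the talk; the issuer could for example be Dex fronting an LDAP directory:

```sh
# Hypothetical example: enable OIDC token authentication on the API server.
# Users then authenticate with ID tokens minted by the OIDC provider,
# and RBAC bindings can key off the username and group claims.
kube-apiserver \
  --oidc-issuer-url=https://dex.example.com/dex \
  --oidc-client-id=kubernetes \
  --oidc-username-claim=email \
  --oidc-groups-claim=groups
```

These flags only cover authentication; authorization to individual services is still layered on top via RBAC and the admission controls discussed above.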
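As an example of the extended OPA Rego policies mentioned above, here is a sketch of an admission policy that restricts pods to an authorized Docker registry. The registry hostname is a hypothetical placeholder, and the input shape assumes OPA wired up as a Kubernetes admission controller:

```rego
package kubernetes.admission

# Hypothetical allow-list: reject any pod whose container image does not
# come from the approved internal registry.
deny[msg] {
    input.request.kind.kind == "Pod"
    image := input.request.object.spec.containers[_].image
    not startswith(image, "registry.internal.example.com/")
    msg := sprintf("image %q is not from the authorized registry", [image])
}
```

A policy like this runs alongside the pod security and network controls as part of the admission phase, before a workload is ever scheduled.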
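Finally, to sketch what SPIFFE federation between on-prem and cloud trust domains can look like, assuming SPIRE as the SPIFFE implementation: each SPIRE server exposes a bundle endpoint and is configured to fetch the other domain's trust bundle. The trust domain names and endpoints below are hypothetical:

```hcl
# Hypothetical SPIRE server configuration fragment: federate the on-prem
# trust domain with a cloud trust domain by exchanging trust bundles.
server {
    trust_domain = "onprem.example.org"

    federation {
        # Serve this domain's bundle so the cloud side can fetch it.
        bundle_endpoint {
            address = "0.0.0.0"
            port    = 8443
        }
        # Fetch the cloud domain's bundle so its workload identities
        # can be validated here.
        federates_with "cloud.example.org" {
            bundle_endpoint_url = "https://spire.cloud.example.org:8443"
            bundle_endpoint_profile "https_spiffe" {
                endpoint_spiffe_id = "spiffe://cloud.example.org/spire/server"
            }
        }
    }
}
```

With the bundles exchanged, mTLS connections between workloads in the two trust domains can be authenticated end to end without sharing a single root of trust.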
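To illustrate the SPIFFE identity piece: in SPIFFE-based mTLS, each workload presents a certificate carrying a spiffe:// URI, and the receiving side authorizes the peer by its trust domain. A minimal Python sketch of that authorization check follows; the trust domain names are made up, and a real deployment would use SPIFFE/SPIRE client libraries rather than hand-rolled URI parsing:

```python
from urllib.parse import urlparse

def authorize_peer(peer_spiffe_id: str, allowed_trust_domains: set) -> bool:
    """Return True only if the peer's SPIFFE ID belongs to an allowed trust domain.

    This mirrors the authorization step a SPIFFE-aware mTLS handshake performs
    after certificate validation: the peer identity (a spiffe:// URI carried
    in the certificate's SAN) is checked against a set of trusted domains.
    """
    parsed = urlparse(peer_spiffe_id)
    return parsed.scheme == "spiffe" and parsed.netloc in allowed_trust_domains

# Example: a workload from the (hypothetical) production trust domain is
# accepted, while one from an unknown trust domain is rejected.
print(authorize_peer("spiffe://prod.example.org/ns/ml/sa/trainer",
                     {"prod.example.org"}))   # True
print(authorize_peer("spiffe://other.example.org/ns/ml/sa/trainer",
                     {"prod.example.org"}))   # False
```

The same check generalizes to cross-site trust: once two trust domains federate, the remote domain is simply added to the allowed set.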