Hello, welcome everyone. My name is Sunil Ravi Pari. I lead Zero Trust initiatives at Anthem. Today's session is about federating trust in healthcare with SPIFFE. Essentially, healthcare systems and data have been subjected to cyber attacks and ransomware for a long time. This session will talk about how healthcare systems and data consisting of PHI and PI will be secured with a new paradigm shift in technologies, a cloud native Zero Trust solution, to have workload identity and trust within healthcare systems, and extending this Zero Trust to partners' healthcare systems which connect with Anthem's Health OS platform to securely authenticate and exchange data.

So what's Zero Trust? Most of you might be familiar with Zero Trust, which could be defined in various ways. But NIST coined the definition, saying that it's an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. Zero Trust architecture uses Zero Trust principles to plan industrial and enterprise infrastructure and workflows. And also it assumes that there is no implicit trust granted to assets or user accounts based solely on their network location. Authentication and authorization are two discrete functions performed before a session to an enterprise resource is established. And also Zero Trust is a response to enterprise network trends that include remote users, bring your own device, and cloud-based assets that are not located within an enterprise-owned boundary. And also Zero Trust focuses on protecting resources such as assets, services, workflows, network, as a network location is no longer seen as a prime component to the security posture of the resource.

Anthem Health OS platform harnesses millions of members of healthcare data of Anthem's members. And how can Anthem use its member data essentially?
So the platform provides insights, and also the benefit offered by Health OS is that it acts as an operating system to enable seamless health plan provider collaboration. So this healthcare platform can also extend or rather provide insights into the member data by giving external clients access to this platform. So the answer to this is to essentially federate across the clusters. So the benefit of doing a federated Zero Trust approach using SPIFFE is that it provides mutual TLS between services, does endpoint verification, and also integrates with container orchestrators like Kubernetes. So the tech stack which does the heavy lifting is essentially mutual TLS, SPIFFE and SPIRE, JWT tokens, and policy agents for authorization, and for monitoring, observability agents.

Let's dig deeper into the architecture itself by taking here an example of an existing federated architecture with an external client, Robin. So Robin is an external client who would like to get insights into Anthem's member data through the Health OS platform. So here we have Robin's EKS cluster and the Health OS EKS cluster. So there is a set of requirements: it should be running on Linux and have ports open for TCP connections and the outbound ports, and also there is storage available on Kubernetes to have a PVC. So once we deploy the SPIRE servers on both the clusters and the agents, as well as the Envoy proxy to do the proxy connection, the federated approach of the SPIFFE architecture would have the trust domain set up, and then have the configurations on both the clusters set up to point to each other's trust domains and the open ports, and then have the trust bundle exchange between the Health OS cluster and the Robin cluster. So that way the whole end-to-end federation is configured, set up and bootstrapped.
So if you can see in the architecture diagram here, the SPIRE servers from Health OS and Robin talk to each other to establish the trust, and then the workload identity happens on each cluster for the workloads they're interacting with. On Health OS, there are certain services like Health OS Gateway and Health OS authentication, and on Robin's cluster you have the Robin service, which would authenticate with Health OS Gateway through the Envoy proxy and then, once authenticated, use the API to get member data and insights from the Health OS platform.

So this is the high-level architecture and a high-level SPIFFE federation use case with an external client, from Anthem's Health OS to a Robin partner. But this could be replicated with multiple partners, setting up multiple federations and scaling up for giving insights into Anthem's member data. So going to the next, so once since we have this federation to establish now, if there are any other questions I'll be available on the chat, please ping me or you can contact me offline.