Sumir Arora
Sr. Solutions Architect at Gemini Solutions
With over 14 years of experience in cloud computing and integration, I am an VP and Sr. Solution Architect at Gemini Solutions, a leading IT services company. I hold multiple AWS certifications, including Solutions Architect Professional, SysOps Administrator Associate, and Solutions Architect Associate, as well as expertise in Azure, DevOps, Mulesoft, and Kubernetes.
I lead a team of engineers and architects in designing, developing, and deploying cloud-based solutions for various clients across industries, using Infrastructure as Code (IaC), GitOps, Azure Kubernetes Service (AKS), MuleSoft Flex Gateway,MuleSoft RTF, and MQ/Kafka. I also collaborate with other teams and stakeholders to ensure the quality, scalability, security, and performance of the solutions, as well as alignment with the business requirements and goals. My mission is to deliver innovative, reliable, and cost-effective cloud and integration solutions that enable digital transformation and business growth.
Presentations
In this session, I’ll walk through how we helped a large enterprise address fragmented API
practices and inconsistent governance by building a platform-first approach to API delivery.
Teams were deploying microservices independently on Azure Kubernetes Service (AKS) with no consistent routing, security, or visibility. We implemented a GitOps-powered framework that allowed teams to integrate a lightweight, Kubernetes-native gateway with their services, while inheriting organizational standards like rate limiting, JWT auth, routing consistency, and metadata tagging—without any manual ticketing or bottlenecks.
The platform approach enabled decentralized development with centralized governance,
accelerating service onboarding while ensuring every API remains secure, discoverable, and compliant by design.
API security goes beyond protecting endpoints—it requires defense across infrastructure, data, and business logic. In this talk, I’ll present a structured approach to implementing Zero Trust security for APIs in a cloud-native architecture.
We’ll cover how to establish a strong foundation across layers—using mTLS, OAuth2/JWT, policy-as-code (OPA), GitOps for deployment integrity, and cloud-native secrets management. The session addresses real-world threats like misconfigurations, privilege escalation, and API abuse, and shows how to mitigate them with layered controls in Kubernetes-based environments on Azure and AWS.
Attendees will walk away with actionable practices to secure their API ecosystem end-to-end— without slowing development teams down.