They assume security teams will slow their march to cloud, but in reality, addressing security late delays scaling production. The DevOps team should triage alerts to assess if there are configuration or security issues and work with the security team on forensics. CISOs need to understand where and how Kubernetes is used within their company, who has assumed ad hoc security roles, what new security tools have been acquired and how they are being used, and how risk is being managed. By understanding how securing Kubernetes is different, CISOs can ensure the integrity of their environment by properly overseeing workflow development and tool evaluation. The good news is that Kubernetes simplifies shifting security left, building more security checks into development so that the final code is more secure. Security teams need to embrace Kubernetes and understand process, workflow and tooling changes.
Support the originator by clicking the read the rest link below.
