Access and Security Trade-Offs for DevSecOps Teams

Engineering teams building cloud software are always under pressure to deliver new features, fix bugs, and improve performance. To move quickly, engineers need access to computing resources: Kubernetes clusters, individual servers, databases, monitoring dashboards, and so on. But, to a security professional, all of these resources represent an ever-growing attack surface area. Just think how many attack vectors exist in a production database: an attacker can get SSH access to a database machine via a compromised key, a Kubernetes API, a compromised web UI, or even via the database’s own remote protocol.