With tools, risks, and regulations all increasing, the onus of ensuring that security is strong falls on all leadership, not just the CISO! It is a combination of CTO and CIO responsibilities. The CISO may or may not be the best person to put repeatable Kubernetes security guardrails in place. We have great tools for security teams to respond to incidents, but it's a cross-team effort.
The best threat detection and mitigation technologies that businesses need in their tech stack today will minimize the risks and the upcoming risks trending in the next 12 months. So, operationalizing what those tools and technologies provide is, in my opinion, more important than just choosing the technology.
Machines and humans have access to service accounts, and many people have been talking about this, but it's become more apparent that our CI/CD systems are attack paths and vectors. They're great for internal or external attacks because they help a lot. Every enterprise has built-in remote code execution as a service. Now, there is AI, there is automation, and a whole bunch of new risks are coming.
Businesses are concerned about being prepared in terms of technology, strategy, investments, or budgeting. So, if that's the theme for next year, that sets the stage for really deep scrutiny. They will be going through the entire program with a fine-tooth comb. There's no shortage of security programs across the globe that are getting a C minus. So, we need to improve the security posture, which means scrutinizing Kubernetes too.