Source: thenewstack.io
Governance, Risk and Compliance with KubernetesCategory: Security, Privacy, Kubernetes
Cloud Native Computing Foundation sponsored this post, in anticipation of KubeCon+CloudNativeCon Europe 2021 – Virtual, May 4-7. Have you ever been frustrated that your organization does “too much security” and so it’s impossible to get anything done?
Your need to rapidly iterate is not your risk, but failing to keep track of compromises made to do it, absolutely is.
Managing the risk can include doing nothing, but you MUST record your reasons for that, and involve the folk who have skin in the game.
If they want to trade security or privacy for a feature or launch date, they need to sign their name to that; but you need to be clear about hard regulatory and legal lines and the sliding scale of other risks, then ensure all of that is documented.
Your need to rapidly iterate is not your risk, but failing to keep track of compromises made to do it, absolutely is.
Managing the risk can include doing nothing, but you MUST record your reasons for that, and involve the folk who have skin in the game.
If they want to trade security or privacy for a feature or launch date, they need to sign their name to that; but you need to be clear about hard regulatory and legal lines and the sliding scale of other risks, then ensure all of that is documented.
Related Articles
Community Partners
DevOps Careers