Implementing Security GRC in any infrastructure is not an easy task. When it comes to Kubernetes Security, it is even more challenging for the following reasons:

How can Security Governance provide a strong baseline for managing Security Risk and Compliance?
Tragedies happen and are mainly out of our control, but sometimes we can learn from them. The Titanic was a model of modern technology, the Unsinkable Ship. Watertight bulkheads divided the hold so that the damage would be contained if there was a breach. Unfortunately, a fateful turn caused the breach to be too large for these defenses. Tragically, other safety measures were shortchanged based on the confidence derived from the bulkheads, resulting in disaster.
We have all been there before. A work colleague needs our help with something. It is a simple ask. Just help collect a piece of evidence and submit it into the system. Time to learn a new tool.
There has always been a perceived tension between compliance (strings) and sales (helium). It is hard enough to get off the ground and run a profitable, successful business in 2022 without being hamstrung by compliance. This sort of overhead expense not related to the direct pursuit of business should be dealt with carefully and sparingly unless it does impact the direct pursuit of business.