Proposal for security overview page #2188
Conversation
| - RBAC | ||
| - policies | ||
| - runtime detection | ||
| - cloud security posture | ||
| - image scanning and provenance | ||
| - secret mgmt within the cluster | ||
| - traffic encryption |
There was a problem hiding this comment.
Should we also mention higher-level goals? The terms described here all fit well, and maybe they can be made into one or more reasonable diagrams to describe the threats and high-level goals.
Here's a short description to show what I mean:
For example, you want to prevent intrusion by attackers and the related loss of trust by end users. Therefore, security must be ensured at all times, including when software is already deployed and running on a cluster (runtime detection). Also, secure transport of data to and within clusters is essential (traffic encryption) or even mandated by regulation. To avoid social engineering attacks, users should have the least possible privileges (RBAC).
There was a problem hiding this comment.
You are right, starting with the high level goals would be better and then break those down to point the different capabilities we offer and could help toward these goals
|
We haven't started on this doc yet 😅 but we will take that into consideration |
Co-authored-by: Andreas Sommer <andreas@giantswarm.io>
What this PR does / why we need it
Towards https://github.com/giantswarm/giantswarm/issues/30733
Things to check/remember before submitting
If you made content changes
make devto render and proofread content changes locally.last_review_datein the front matter header if you reviewed the entire page.