Defense in depth is a critical component of cloud-native security. Multiple layers of least-privilege access help ensure that access is controlled at each layer of the technology stack. Value-added cloud services, such as CDN, WAF, API gateway, function-as-a-service, and cloud-native databases, take responsibility for many of the non-differentiated aspects of securing cloud-native systems. Drawing the line of the shared responsibility model as high as possible lets teams focus their core competency on securing the data layer.
Following our security-by-design practices, teams need to classify the sensitivity level of their domain data. Based on these classifications, teams then design the appropriate level of obfuscation into their components. For each request/response payload, each database table, and each event type, a team must design how data will...
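One way to make such a classification executable for a single event type, as an added example that is not code from the original page (the sensitivity levels, the field map, the key and the sample event are all hypothetical):

```python
import hashlib, hmac

# Added example (not from the original page): applying a data classification
# to one event type. Levels, field map and key are hypothetical.
# Levels: public (unchanged), internal (masked), confidential (keyed pseudonym),
# restricted (dropped before the payload leaves the component).
ORDER_CREATED_SCHEMA = {            # dotted paths into the event
    "order_id": "public",
    "customer.email": "internal",
    "customer.id": "confidential",
    "payment.card_number": "restricted",
    "payment.last4": "public",
}
PSEUDONYM_KEY = b"constructed-demo-key"  # in practice: loaded from a secret store

def pseudonymise(value: str) -> str:
    """Keyed hash: stable per input, not reversible without the key."""
    return hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

def mask(value: str) -> str:
    """Keep the first character; an e-mail address also keeps its domain."""
    local, _, domain = value.partition("@")
    return local[:1] + "***" + ("@" + domain if domain else "")

def obfuscate(payload: dict, schema: dict, prefix: str = "") -> dict:
    """Return a copy of payload transformed per field classification.
    Fields absent from the schema are treated as restricted (fail closed)."""
    out = {}
    for key, value in payload.items():
        path = prefix + key
        if isinstance(value, dict):
            out[key] = obfuscate(value, schema, path + ".")
            continue
        level = schema.get(path, "restricted")
        if level == "public":
            out[key] = value
        elif level == "internal":
            out[key] = mask(str(value))
        elif level == "confidential":
            out[key] = pseudonymise(str(value))
    return out

SAMPLE_EVENT = {  # constructed input; "cvv" is deliberately left unclassified
    "order_id": "o-1001",
    "customer": {"id": "c-42", "email": "alice@example.com"},
    "payment": {"card_number": "4111111111111111", "last4": "1111", "cvv": "123"},
}
```

Running `obfuscate(SAMPLE_EVENT, ORDER_CREATED_SCHEMA)` keeps the order id and last four digits, masks the e-mail, pseudonymises the customer id, and drops both the card number and the unclassified `cvv` field.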