Security-by-design, security-as-code, and security-first are all themes regarding how we as an industry can improve our ability to deliver secure systems. Security-first is certainly a good theme because we simply cannot graft security onto our systems after the fact. However, we need more than security-first. We need a continuous focus on security.
Security-as-code is extremely important. Human error is the root cause of the vast majority of system breaches. This human error can be the inevitable result of configuration drift, as systems are manually configured, patched, and tuned to the point that there is no conformity or traceability and quality suffers. Or human error can result when the sheer effort required to manually patch a system with a known security fix leads to an inertia that leaves valuable information exposed. Our cloud-native systems are powered...