Re: updating what it means to be "Cloud Native"


Michael Gasch <embano1@...>
 

Great thread and I totally agree what's been discussed and summarized so far here.
Do you mind incorporating a notion on security in the definitions?

Something like:

  • Secure by design
    • Zero-trust (vs. solely relying on underlying/external components, e.g. firewalls)
    • Incorporating and complying with high encryption standards of data in transit and at rest (especially secrets)
    • Enforcing RBAC, this is including authorization/authentication/accounting primitives
    • Only exposing minimal attack surface (L4-7)
    • The list goes on
?

Btw: I am German and can help thinking about more prescriptive "Attribut- und Zustandsbeschreibungen"  :D

Join cncf-toc@lists.cncf.io to automatically receive all group messages.