...
Workload/Pod/Container Hardening:
- Protecting workload secrets. Secrets could be injected into the workloads using volume mounts, environment variables, etc. Provide clear guidelines and specific tooling to secure such secrets.
- Protecting sensitive assets mounted using volume mount points
...
- Workload Process Monitoring
- Workload Sensitive Asset access
- External Network exposure for workloads
- Ability to query forensic details for a specified time duration from the past X days.
Other Topics:
- Leveraging Confidential Computing for hardware-based protections
charisse lu: Should we create security guidelines for workload creators?
...