For several years now, we have been experiencing an ever-increasing shift from classic, monolithic application development to cloud-based architecture based on microsegmentation, container technology and Kubernetes. As with every technology change, security is often implemented only at the end - if at all. Security is supposedly inconvenient, not sexy enough and the new MVP should have been released yesterday.
But what many people don't know is that in the world of containers not only the program code has to be written differently. After all, we give developers virtually full access to the system! I have never seen an administrator who willingly gives all developers root access to his machines without signing a 100 page form with blood. So why should we suddenly do this for containers?