One of the things people found controversial about my message was “end-point security is no longer a thing”. I’m saying this from the standpoint of:
- Instances are short-lived (hours/days, not months/years)
- Instances are dynamically scaling in and out
- Cloud native applications (usually) run a single-process per instance/container, no space for another (you could do a sidecar I suppose)
- Your filesystem should be read-only (all state is stored in a persistent volume or a PaaS database)
- You are building (CI), scanning (SAST, DAST, ASAN, TSAN, MSAN, FSAN, …) and checking upstream dependencies
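To make the read-only filesystem and single-process points concrete, here is an added example (not from the original post) of a Kubernetes Pod spec that enforces them. The names `app`, `registry.example.com/app:1.2.3`, `/var/lib/app` and the PVC `app-data` are hypothetical; the assumption is that the container image runs one process and that everything it needs to persist goes to the mounted volume.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app                               # hypothetical name
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: app
      image: registry.example.com/app:1.2.3   # hypothetical, pinned tag (built and scanned in CI)
      securityContext:
        readOnlyRootFilesystem: true      # nothing can be dropped onto the rootfs and survive
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: scratch
          mountPath: /tmp                 # ephemeral scratch; disappears with the instance
        - name: data
          mountPath: /var/lib/app         # the only durable state, outside the image
  volumes:
    - name: scratch
      emptyDir: {}
    - name: data
      persistentVolumeClaim:
        claimName: app-data               # hypothetical PVC
```

A quick check that the setting took effect: `kubectl exec app -- touch /usr/bin/x` should fail with "Read-only file system", while writes under `/tmp` and `/var/lib/app` succeed. The scratch volume matters in practice: many runtimes and libraries need a writable temp directory, and without it the container will crash on start, which is the usual reason people turn `readOnlyRootFilesystem` back off.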
Enjoy! Comments welcome.