Security comes down to trust. In DevOps and our applications, it really is a question of “should this entity be allowed to do that action?” In an earlier time in IT, we could assume that if something was inside a trusted perimeter, be it in our private network or on a specific machine, then we could assume entities were trustworthy and naturally should be able to access resources and data.
However, as applications became more complex, spanning not just machines but also different data centers and continents, and reliance on third-party services via APIs became the norm, we could no longer rely on trusted perimeters.
This article has been indexed from DZone Security Zone