
[Proposal] Auditing Cloud Native Security

Open lumjjb opened this issue 3 years ago • 8 comments

Description: Feedback from the Cloud Native Microsurvey has shown that there is a gap in the area of auditing cloud native systems and the use of cloud native technology and security. There are several efforts ongoing that are looking at controls in the group, such as the security controls working group; however, there is still a gap of widespread knowledge about methodology and techniques of auditing such cloud native systems.

The aim of this project is to:

  • Bridge auditing expertise with cloud native security knowledge of the group
  • Obtain industry feedback on gaps of auditing cloud native
  • Propose resources or program to help fill said gap
  • Create said resources/programs

Impact: This will help improve the state of auditing cloud native security, which would make modern cloud native methodologies and security controls more widely accredited. This would in turn lead to better adoption of cloud native technologies.

Scope:

This effort will consist of:

Part 1: Knowledge aggregation (~ 2-4 weeks)

  • Understanding resources around the current state of auditing cloud native
  • Having a series of presentations / workshops around auditing cloud native as part of the STAG

Part 2: Understanding state of industry (2 weeks, with about 1-2 months waiting period for survey results)

  • Create a CNCF microsurvey around auditing cloud native

Part 3: Identifying and filling gaps (2-3 weeks to identify gaps and propose resources)

  • Identify gaps based on feedback
  • Create proposals to help fill the gap

Proposals to fill gaps will then be treated as separate projects linking back to this umbrella effort.

cc: @achetal01 @TheFoxAtWork @johnyeoh

TO DO

  • [ ] Security TAG Leadership Representative: @lumjjb
  • [ ] Project leader(s):
  • [ ] Project Members:
  • [ ] Fill in additional TODO items here so the project team and community can see progress!
  • [ ] Scope
  • [ ] Deliverable(s)
  • [ ] Project Schedule
  • [ ] Slack Channel (as needed)
  • [ ] Meeting Time & Day:
  • [ ] Meeting Notes (link)
  • [ ] Meeting Details (zoom or hangouts link)
  • [ ] Retrospective

Dec 10 '21 23:12 lumjjb

I would like to contribute

Jan 06 '22 10:01 ragashreeshekar

Awesome - will be jumpstarting this when I get back from vacation in a couple weeks!

Jan 07 '22 09:01 lumjjb

I will be interested in contributing

Jan 15 '22 10:01 sand339

I'm interested in contributing

Feb 09 '22 16:02 kvql

I would be interested in assisting with this as well.

Mar 02 '22 19:03 d-lanm

This issue has been automatically marked as inactive because it has not had recent activity.

May 02 '22 06:05 stale[bot]

Interested in contributing as well!

Jun 15 '22 16:06 sayantani11

This issue has been automatically marked as inactive because it has not had recent activity.

Sep 21 '22 04:09 stale[bot]

Closing this issue as it didn't build enough momentum to get started. Perhaps for lack of participation from individuals with practical audit experience. Should anyone want to revisit the effort, we can look back at what it would require to get folks going.

Jun 21 '23 01:06 anvega