Why focus on application governance?
Being application-centric helps security match the speed and agility of Kubernetes.
Applications are a natural trust boundary
When one app gets compromised, it doesn’t put other apps at risk in a shared Kubernetes cluster.
Privileges should be verified for an identity
Applications have a natural identity, which lends itself to true zero-trust networking (least privilege) that prevents lateral movement and exfiltration.
App privileges are portable
Application privileges can be discovered once and reused later, improving agility.
Intra-app chatter can be overwhelming
Apps provide a natural boundary that hides internal microservice chatter, so the attack surface matches that of the corresponding original monolith.
Least privilege for every application
Application privileges are inherent; they can be auto-discovered, represented granularly in DevOps, and attributed to apps.