Examples of cloud-native policies
This section expands on some real-world policies related to CaaS and FaaS consumption. Some are more technical than others, and the list is not exhaustive; it is intended as an example of policies that can be implemented.
- Stakeholders:
  - Common language framework: Use a framework such as NIST CSF to create a unified language across teams and stakeholders.
  - Service-level objectives policy: Ensure that services and applications are published following cloud best practices by leveraging error budgets (https://sre.google/workbook/error-budget-policy/).
- Security:
  - Data encryption: Encryption is ubiquitous, as most security frameworks (CIS, NIST, CSA) mandate data encryption in transit and at rest. You can enforce these practices with cloud-native tools such as OPA or the CSP's native tooling. We will discuss this in more detail in Chapter 12, Integrating Policy as Code with Enterprise Workflows.
  - Data sovereignty: This...
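
One way the data encryption item above could be expressed as policy as code, as an added example that is not from the book: a Rego policy for OPA, evaluated against Terraform plan JSON (`terraform show -json`). The use of Terraform, the AWS resource types, the package name and the sample plan are assumptions made for illustration.

```rego
package cloudnative.encryption

import rego.v1

# Encryption at rest: attribute that must be true, per Terraform resource type.
at_rest_flag := {
	"aws_ebs_volume": "encrypted",
	"aws_db_instance": "storage_encrypted",
}

# Encryption in transit: listener protocols that terminate TLS.
tls_protocol(p) if p in {"HTTPS", "TLS"}

# Resources this plan creates or updates; pure deletions are skipped.
changed contains rc if {
	some rc in input.resource_changes
	some action in rc.change.actions
	action in {"create", "update"}
}

# Fail closed: an unset, null or false flag is reported.
deny contains msg if {
	some rc in changed
	flag := at_rest_flag[rc.type]
	object.get(rc.change.after, flag, false) != true
	msg := sprintf("%s: %s must be true (encryption at rest)", [rc.address, flag])
}

# A missing protocol is also reported, because the helper is undefined for it.
deny contains msg if {
	some rc in changed
	rc.type == "aws_lb_listener"
	not tls_protocol(rc.change.after.protocol)
	msg := sprintf("%s: listener must use HTTPS or TLS (encryption in transit)", [rc.address])
}

# Constructed sample plan: one compliant and two non-compliant resources.
sample_plan := {"resource_changes": [
	{"address": "aws_ebs_volume.data", "type": "aws_ebs_volume", "change": {"actions": ["create"], "after": {"encrypted": true}}},
	{"address": "aws_db_instance.orders", "type": "aws_db_instance", "change": {"actions": ["create"], "after": {"storage_encrypted": false}}},
	{"address": "aws_lb_listener.web", "type": "aws_lb_listener", "change": {"actions": ["update"], "after": {"protocol": "HTTP"}}},
]}

test_sample_plan if {
	deny == {
		"aws_db_instance.orders: storage_encrypted must be true (encryption at rest)",
		"aws_lb_listener.web: listener must use HTTPS or TLS (encryption in transit)",
	} with input as sample_plan
}
```

Saved as a `.rego` file, the embedded test runs with `opa test`; a non-empty `deny` set is what a pipeline gate would treat as a failed check.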