Our security folk have a mantra, triple A, P.
- Authentication = Login
- Authorisation = What that login is allowed to do
- Auditing = What that login tries to do, permissions/membership changes
- Provisioning = Joiners, movers, leavers processes and mechanisms. Sometimes called JML
The biggest threat comes from within and unless someone is keeping an eye on AAAP internal security naturally degrades with time.
One of the problems with a distributed architecture is that so many things need to be able to talk to each other. This is another reason that infrastructure as code is such a great idea