Security is a subject that cuts across domains, so there must be a balance between the risks and responsibilities pushed to the technology team and those pushed to the incident responder. The action taken, though, is an internal decision that you need to discuss!
Kubernetes helps fight emerging threats, especially given the fast pace of innovation today, with the advent of AI and the many other tools that organizations have. That is where the workloads, configuration, secrets management, network controls, and access controls live. So Kubernetes itself isn't secure or insecure.
From a security standpoint, the Kubernetes project has much to offer out of the box, but it's up to you to ensure every flag is turned on. If you're doing threat modeling with your infrastructure, ops, and DevOps teams, the goal is to understand the plan for getting the code the developers are writing through the pipeline and then into a runtime state.
So then, how can you ensure that it is helping organizations secure their identity and access management? When you think about identity and access management, or entitlements in general, you usually have a single sign-on or identity provider that will onboard a new user who just started at the company. They will get access to some SaaS applications and maybe some infrastructure. Your identity provider isn't.
There's a whole shift left that we have been talking about for the last five years. So we're not doing anything at runtime, and then there's something in the middle of Kubernetes called mission control.