Operational Trust: When Security and Delivery Co-Design Access Models
REX | DevSecOps
2025-12-10 | 12:00 PM - 12:15 PM | Amphitheater Gaston Berger I Level -2
Information
How can we build stronger security based on trust?
At Datadog, our security team has chosen collaboration over coercion: working with the product and platform teams, we have redesigned our model for accessing sensitive data.
In this experience report, we present how Datadog strengthened its security posture without creating friction for its teams.
Faced with overly broad access to potentially sensitive information, our security team collaborated with the product and platform teams to rethink the permissions model on our self-managed Kubernetes clusters. By analyzing audit logs and gradually deploying a new RBAC controller to dynamically configure permissions, we restricted access to sensitive logs to only the appropriate teams, while maintaining operational fluidity.
Beyond the technical aspect, this initiative was an exercise in listening and co-construction: understanding real needs, adapting tools to practices, assessing the scope of the task, and then ensuring that scope was fully covered. Although the example we develop here centers on Kubernetes, the lessons go far beyond that context: how to reduce privileges without creating friction, how to anchor security in team culture, and how to evolve operational models through experimentation and trust.