In order of priority this is my list for Enterprise ready lmk what you think - A lot of things have already been done that we need to continue to maintain eg MFA, IAM with service accounts and federated identities. Happy to discuss further.
SCA and Supply chain security for OSS - #64
NGFW - L3-L7 protection via Next-gen firewall for all assets, resources, apps in the datum domain - NGFW protection for all Datum resources, assets - #69
Network and other resource access should be secured in line with zero-trust principles #68
API rate limiting - #66
Security operations center implementation #57
Attributes based access control is implemented for all Datum resources #65

@mksinghtx it seems to me we should first view this from a customer lens (e.g. platform features they can touch and consume), and then consider a separate list of investments that we need to adopt / document / promote for how we build and run our platform and company so that we can authentically be trusted by Enterprise (or any!) customer. What do you think?

Here is what I am thinking

1. In my experience - enterprise customers will ask us about our internal processes that are supporting the services that our customer is consuming. Eg we are sourcing all our software from Open source in some form or other - how safe is it? "How are you sure it will not impact my services whether I run them( enterprise license scenario)or you run them". Ultimately it is a matter of trust - which i feel is important for the enterprise customer.
2. Features like API rate limiting for control-plane becomes important because of Denial of service attacks specially with agentic workflows.
3. NGFW is an absolute necessity, will be experienced by customer - in fact a layered security model becomes key - eg protection of DNS, LB, Proxy - actually the CEO of ownid asked about this in our call - "What ingress protection do you offer?" I am writing the PRD for this and should be ready by this weekend.
4. SoC is required to detect network threats on the edge and is an essential service for the customer to defend their edge against malicious traffic and intrusions.
5. Network access - This is for protection of customers as well as Datum and hence other customers who are consumers of the network eg Network as a service connecting via their branch. Every user of Datum's network must be authenticated/authorized/limited- we can talk about how granular it should be. Once we do with zero-trust principles we can defend better against breaches and intrusions by having for eg time-bound access policies or cutting off access based on traffic patterns(see SOC above).
6. Attribute based access control is finer granularity and can be mapped to a role for now but ultimately it should take into account temporal and spatial parameters in policy. If Datum resources(proxy or DNS instances)are compromised due to stolen, hijacked credentials, accidental leaks it puts customers at risk. With ABAC policies geographic or location and time parameters would mitigate this to an extent.