Tau manages app lifecycle and platform services; protect the control plane and the runtime plane separately.
- Restrict management API/UI access to trusted operators.
- Enforce RBAC and least privilege for project/team scopes.
- Audit platform configuration and deployment policy changes.
- Isolate workloads by namespace/tenant boundaries.
- Enforce network policies and secret-scoped runtime access.
- Apply image provenance and vulnerability scanning in CI.