Detective controls and preventative controls are concepts we use a lot with our client. We advocate for “Freedom within Boundaries” for develoeprs; at the end of the day, we want devs to go fast, yet organizations are still secure and protected. The boundaries are been configured by two sets of things. A pipeline driven, aka preventative control framework for all below the line fundamental resources, as well as cloud native tools plus OSS tools to prevent any out of boundary actions. Below the line resources are what we describe as “Fundamental Infrastructure”, like SDN, Routing, IAMs while detective controls for some above the line resources like Serverless functions or VMs.