To be as agile as possible, teams tend to adopt new technology whenever it appears to offer an advantage. Common examples are cloud services, analytics tools, continuous integration tools, container technology, web platforms and frameworks, and client-side frameworks.
To prevent the adoption of immature, insecure, or privacy-violating components, it is important to review both the underlying need and the proposed solution before the technology is rolled out. The technology advisory board should take up this role. It should consist of people with security, privacy, and (some) legal knowledge. It is important not to turn this into a new 'change advisory board' with monthly review sessions that perform a complete business impact analysis. Rather, it should work as a guild that can assess the maturity of the technology and the possible impact on the ecosystem when things go wrong. It can also guard against adopting multiple tools that serve the same purpose.
In this way, the total ecosystem can be as lean and secure as possible.
(from SecDevOps Risk Workflow book, please provide feedback as a GitHub issue)