Microservices Security Fundamentals: Microservices Security Challenges - PowerPoint PPT Presentation



SLIDE 1

Microservices Security Fundamentals

MICROSERVICES SECURITY CHALLENGES

Wojciech Lesniak

PRINCIPAL DEVELOPER / TECH LEAD

@voit3k

SLIDE 2

Microservices

International Data Corporation (IDC) predicts that by: 2019 Q1

SLIDE 3

Microservices

International Data Corporation (IDC) predicts that by: 2022 Q2

90% of all applications will feature microservices architectures that improve the ability to design, debug, update, and leverage third-party code.

SLIDE 4

Flexibility of a Microservices Architecture

  • Polyglot: Each service can implement its own technology stack.
  • Agile Teams: Smaller independent teams.
  • Independent: Developed, deployed and scaled independently.

SLIDE 5

Microservices the promised land

SLIDE 6

Microservices Architecture Patterns

  • API Gateway
  • Service discovery
  • Distributed tracing
  • Client load balancing

SLIDE 7

How do you secure your Microservices without:

  • Stifling team productivity.
  • Reducing the performance or time to market of the application.
  • Negating any of the benefits of a microservices architecture.

SLIDE 8

Bugs in Microservices

Fix, test and deploy the offending microservice.

SLIDE 9

Fail Fast Fail Early Fail Often

SLIDE 10

Consequences of Security Breaches

  • Reputational and brand damage
  • Loss of trust
  • Financial loss
  • Legal issues
  • Bankruptcy
  • Negative headlines

SLIDE 11

There are also tried and tested best practices and architectural patterns you can use to solve the security challenges within your Microservices architecture.

SLIDE 12

DevOps: Security is now everyone's responsibility.....

SLIDE 13

Your Security Implementation Should Not Be

  • Draconian: Excessively harsh, severe and lock everything down

SLIDE 14

The Challenges of Microservices Security

SLIDE 15

Monolith Microservices

Contrast Security Challenges

SLIDE 16

Security Fundamentals and Prevention

  • The various techniques and patterns you can use to secure your microservices architecture.

SLIDE 17

Hackers Are Lazy

SLIDE 18
SLIDE 19

Detection

  • Identifying security vulnerabilities throughout the development lifecycle.
  • Monitoring and identifying security breaches.
  • Reacting to security breaches.

SLIDE 20

Engrain a Security Culture within Your Development Teams

  • Threat Modelling
  • Prioritize security vulnerabilities

SLIDE 21

Defence in Depth

Is an information assurance concept in which multiple layers of security controls (defence) are placed throughout an information technology (IT) system. Also known as a castle approach.

SLIDE 22
SLIDE 23

Monolith Microservices

SLIDE 24

Monolith Microservices

Contrast Security Challenges

SLIDE 25

Monolith Microservices

SLIDE 26

Monolith

[Diagram labels: Data Access, Pricing, Support, HTML, Portfolio, REST, PORT: 80, Account, in-process, Session]

  • Smaller attack surface.
  • In-process communication between components is more secure.
  • User context is stored centrally, easily retrievable and trusted.

SLIDE 27

Data Access Support REST Data Access Account REST Data Access Portfolio REST

Microservices

Data Access Pricing REST

SLIDE 28

Confused Deputy

JS HTML Service GET: /victoria Victoria Data Access Account REST Data Access Portfolio REST GET: /joe

SLIDE 29

Data Access Support REST Data Access Account REST Data Access Portfolio REST

Bootstrapping Secrets

Data Access Pricing REST

Env variables Env variables Env variables Env variables

SLIDE 30

Secret Sprawl

Property file Env variables Source code Configuration management Source control

SLIDE 31

Challenges with immutable servers

  • Secrets and whitelists cannot be maintained on the server's file system.

Data Access Portfolio REST Immutable Server Docker Container Microservice

SLIDE 32

Security is not just authentication and authorization, it’s also quality of service

SLIDE 33

Denial of Service

SLIDE 34
SLIDE 35

Netflix Microservices Architecture

SLIDE 36

Monitoring and Tracing

Queue

SLIDE 37

Queue

SLIDE 38

Challenges due to polyglot microservices architectures.

  • Requires security expertise for each technology.
  • Maintaining multiple sets of security best practices and guidelines for each technology.
  • Keeping up with security patches.

Queue

SLIDE 39

Key Takeaways

Your Microservices security implementation should not:

  • Resemble a monolith.
  • Prevent your service from being scaled and deployed independently.
  • Degrade your application's performance.
  • Stifle team productivity.
  • Prevent or restrict your teams from experimenting and selecting different technology stacks.