Keep Microservices Secure Even from Themselves
Lee Atchison
Co-Founder & CTO, Product Genius Corporation. Thought Leader, Cloud Expert, Best Selling Author. O'Reilly Media, LinkedIn Learning. Host Software Engineering Daily. Ex-Amazon, Ex-AWS. softwarearchitectureinsights.com.
First Up: The Long March
On January 12th, I was fortunate enough to be a panelist at Predict 2023, on a panel called _**The Long March**_. We discussed how to make Kubernetes more accessible to a larger group of companies and the technologies needed to support mission-critical workloads in the data center and less compute-intensive environments.
DevOps Unbound: What’s in Store for DevOps in 2023?
In the past couple of years, businesses have been leveraging DevOps to drive their digital and cloud transformations and enable rapid innovation. Now it’s time to look back at the lessons learned and look forward to the future. With so many changes going on in the industry, what does 2023 have in store for DevOps? What are the DevOps practices and technologies that will shape the future of business?
Mitch Ashley (Techstrong) is joined by our panel of experts Parag Doshi (Tricentis), Lee Atchison (Atchison Technology), Hope Lynch (CloudBees) and Tim Banks (Dell) as they share their predictions for the upcoming year and discuss: the DevOps trends to watch in 2023, DevOps, SRE and the future of software development, DevOps at the edge, the future of automated testing and DevOps, the state of cloud-native application development in 2023, the rise of citizen developers, how AI and ML are transforming DevOps, and more!
Last Week’s Top Story: Keep microservices secure, even from themselves
Cloud-native applications make heavy use of services and microservice architectures. Distributed applications provide many benefits to modern application development processes and lend themselves particularly well to applications deployed in the public cloud.
But microservices can also create additional and unwanted vulnerability points that bad actors can leverage to compromise your application. A single compromised service, no matter how small, can lead to vulnerabilities that can be exploited in neighboring services, ultimately compromising them as well. A single small service can be the entry point to a massive attack that compromises your entire application.
Even if your services are in a private network—behind a cloud firewall—you should not assume the network is safe. Services within the application can still be compromised. And, like the infamous Greek Trojan horse, a compromised service in an otherwise secure network can cause untold damage to your application.
There are many things you can do to keep your service and microservices-based applications safe and secure. But two critical and often overlooked security strategies are absolutely necessary.
Overlooked Strategy: Authenticate all Communications Between Services
In microservices-based applications, inter-service communications are crucial. But authentication between services is often deferred or ignored. After all, if you are inside a private, secure area (such as a cloud VPN), why do you need to authenticate communications between services? All the services are part of the same application and support each other. Why would you need to perform authentication on all requests in such an environment?
Overlooked Strategy: Encrypt Appropriate Comms Between Services
In every application, there is sensitive data. This might be personally identifiable information, account access credentials, customer data, financial data or business-critical data of various forms. This data, if it were to be compromised by a bad actor, could be destructive to the business and its customers and employees.
To avoid this, whenever sensitive data is communicated from one service to another, the data needs to be sent over an encrypted data channel. This is true even if both services are inside a private network, even if access to the network is encrypted. The specific communications of sensitive data from one service to another need to be encrypted.
To understand this fully, read the full article in Container Journal.
Software Engineering Daily: Dev-First Kubernetes Operations Platform with Itiel Shwartz
Kubernetes is an open-source platform for automating the deployment, scaling, and management of containerized applications. The company Komodor started as a Kubernetes diagnostics platform focusing on Kubernetes troubleshooting for the entire Kubernetes stack. More recently, Komodor is taking a step towards becoming a single-pane-of-glass to simplify Kubernetes for developers. In the past, they were more DevOps-focused, and they’ve made some significant changes in the product that will appeal more to the developer. Komodor is also entering into the cluster management space to compete with Lens.
Listen to my interview with Itiel Shwartz, the co-founder and CTO of Komodor, on Software Engineering Daily.