Microservices – also known as the microservice architecture – is an architectural style that structures an application as a collection of loosely coupled services, which implement business capabilities. The microservice architecture enables the continuous delivery/deployment of large, complex applications. It also enables an organization to evolve its technology stack.
Aporeto offers out-of-the-box service-to-service and user-to-service authentication, authorization and encryption. Users also have uniform API access control policy across services in public or private cloud, and composite user and app identity policy enforcement, without having to build identity management infrastructure into the application business logic. In addition, the Aporeto solution comes with CI/CD and vulnerability assessment integration for rich contextual service identity.
Here are the two key players that enable security for microservices:
The Developer
Security and data privacy requirements introduce access control and encryption requirements for developers. A few common challenges developers face in meeting these requirements while focusing on building their business logic are:
- Enabling encryption across all microservice components requires changes to applications and maintaining the associated public key infrastructure (PKI). Any patch to an encryption library means re-deploying these applications.
- Authorization for APIs needs to be implemented in a distributed manner to ensure all API requests within the Enterprise and access to APIs outside of the Enterprise are sanctioned.
- Secrets management and key distribution for distributed applications – especially ones governed by strict compliance requirements such as PCI – introduce overhead for the developer.
The Security Practitioner
For the security practitioner, maintaining visibility, compliance, and control while embracing this architectural transformation towards microservices is the primary goal. A few common challenges security teams face in achieving this goal are:
- The dynamic nature of microservices invalidates existing network security approaches. The commonly used ticket-driven security practices, which require corporate security teams to create new firewall rules with each release, greatly hamper application deployment velocity.
- Losing control over the network and compute infrastructure creates challenges for monitoring the threat landscape at the network and host layer.
- Assessing compliance for containers and new application architectures driven by APIs.