Microservices are the latest evolution of service-oriented architecture: an application is built from many small, independently deployable pieces that work together, often packaged in containers.
The benefits include faster time to market, lower costs and greater flexibility, but the approach also brings its own security and management challenges.
Lattice Engines, which offers sales and marketing analytics, is planning ahead with a very deliberate rollout schedule.
"We're taking our time to build this out," said Walt Williams, the company's head of security. "We're not going to allow just anyone to spin up a new service or process. This is going to be something that is very tightly controlled here at Lattice. There will be some services-on-demand capabilities, but we're not going to see a spontaneous peak of demand that far exceeds our plans, and we're restricting the use of automation to create new services."
The company is currently moving its production environment to the Amazon cloud, using the microservices approach.
"We don't want to do this using traditional approach -- deploy your servers, maintain your servers, put your application on the server, and maintain the application," he said.
These are going to be customer-facing applications, so security is critical.
Using microservices and Docker containers lets the company deploy applications quickly and flexibly, and because each container carries its own libraries and runtime, the services are decoupled from the host operating system's userland (the host kernel is still shared by every container, so kernel-level isolation remains a separate concern).
"So we can make updates to them independent of any changes to the operating system in which the container resides," he said.
"This way, if there's a vulnerability in the operating system, we're isolated from that," he said. "It prevents escalation of compromise. We're exploiting the modular nature of the environment to enhance security."
However, there are also management challenges and worries about access control and patching schedules.
To address these issues from the start, Lattice manages its containers with Chef, a configuration management tool.
"So, all the Docker containers we are deploying will be centrally managed," he said.
That leaves a gap when it comes to patch management, he said.
There, Lattice uses tools from Tenable Network Security, one of the small number of vendors starting to offer container security and management products.
"Frankly, we look at these containers as a way to ensure patch management," said Williams. "That's one of the areas where the Tenable product is helping us -- we can do vulnerability scanning in the container itself before it is pushed out to production."
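The workflow Williams describes, scanning an image and deciding whether it may be promoted before it reaches production, is in practice a policy gate in the build pipeline. The following is an added example written for this article, not Lattice's or Tenable's code: it reads a scan report in a generic JSON shape (the shape, the image name and the placeholder finding ids are all assumptions, and the ids are not real CVEs), blocks promotion on findings at or above a chosen severity unless they are on a reviewed allowlist, fails closed on unrecognised severities, and separately lists the blocking findings that a rebuild of the image against updated packages would clear, which is the "containers as patch management" model.

```python
"""Pre-production gate over a container image vulnerability scan.

Added example; not Lattice's or Tenable's code. The report shape, the
image reference and the finding ids below are constructed assumptions.
"""
import json
from collections import Counter
from typing import Dict, FrozenSet, List, Tuple

# Constructed scanner output in a generic shape. Placeholder ids, not CVEs.
SAMPLE_REPORT = json.dumps({
    "image": "registry.example/lattice-service:1.4.2",
    "findings": [
        {"id": "SAMPLE-1", "severity": "Critical", "package": "pkg-a", "fixed_in": "2.0.1"},
        {"id": "SAMPLE-2", "severity": "High", "package": "pkg-b", "fixed_in": None},
        {"id": "SAMPLE-3", "severity": "Medium", "package": "pkg-c", "fixed_in": "1.3.0"},
        {"id": "SAMPLE-4", "severity": "Low", "package": "pkg-d", "fixed_in": None},
    ],
})

# Severity ordering used by the policy; anything not listed is "unknown".
SEVERITY_RANK = {"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_report(raw: str) -> Tuple[str, List[Dict]]:
    """Return (image reference, list of findings) from the JSON report."""
    data = json.loads(raw)
    return data["image"], list(data.get("findings", []))


def evaluate_gate(findings: List[Dict], block_at: str = "high",
                  allowlist: FrozenSet[str] = frozenset()) -> Dict:
    """Decide whether the image may be promoted to production.

    A finding blocks promotion when its severity is at or above `block_at`
    and its id is not in `allowlist` (a reviewed, time-boxed exception).
    A finding with an unrecognised severity is treated as blocking, so a
    malformed or truncated report fails the gate closed rather than open.
    """
    threshold = SEVERITY_RANK[block_at]
    blocking, waived = [], []
    for f in findings:
        sev = str(f.get("severity", "")).lower()
        rank = SEVERITY_RANK.get(sev, threshold)   # unknown -> blocking
        if rank < threshold:
            continue
        fid = f.get("id", "<no id>")
        if fid in allowlist:
            waived.append(fid)
        else:
            blocking.append(f)
    return {
        "allowed": not blocking,
        "blocking": [f.get("id", "<no id>") for f in blocking],
        # Blocking findings that have a fixed package version: rebuilding the
        # image picks these up, instead of patching a running container.
        "fixable": [f.get("id", "<no id>") for f in blocking if f.get("fixed_in")],
        "waived": waived,
        "counts": dict(Counter(str(f.get("severity", "")).lower() for f in findings)),
    }


def main() -> None:
    image, findings = parse_report(SAMPLE_REPORT)
    verdict = evaluate_gate(findings)
    print(f"{image}: {'PROMOTE' if verdict['allowed'] else 'BLOCK'}")
    for key in ("blocking", "fixable", "waived", "counts"):
        print(f"  {key}: {verdict[key]}")


if __name__ == "__main__":
    main()
```

Run as-is, the sample image is blocked on SAMPLE-1 and SAMPLE-2; only SAMPLE-1 has a fixed version available, so it is the one a rebuild resolves, while SAMPLE-2 needs either an upstream fix or a documented exception. Raising `block_at` to `"critical"` and allowlisting SAMPLE-1 lets the image through with the waiver recorded in the verdict, which is the audit trail a tightly controlled rollout wants to keep.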
Communication and libraries
It used to be that companies could secure the communications of their applications because they were running on a fixed number of physical or virtual servers.