Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microservices offer speed and flexibility, but at a price

Maria Korolov | March 2, 2017
The benefits of microservices are many, but they also come with their own set of security and management challenges

"Now, it's harder to identify where those microservices reside," said Dave Burton, vice president of marketing at security vendor GuardiCore.

Plus, all of the microservices need to communicate with one another, and there are more of them than ever before.

"This dramatically increases the attack surfaces that attackers can exploit," he said.

To set policies for those communications, security teams need to understand where the microservices are, and how they communicate with one another.

Vendors, including GuardiCore, are starting to provide tools that help identify communication endpoints in cloud environments, he said.

"And we think it needs to go even further, and map the communications between individual processes to get a more granular view of how microservices communicate with one another," he said. "You need to auto-discover there, and have it be automatically updated. The second thing that you need to do -- and this is a trend we're seeing in the marketplace -- is to move to more granular security policies inside the data centers and clouds."

This is called microsegmentation, and allows companies to set policies about traffic between individual processes.

"In the event that one of those services gets compromised as a footprint for launching an attack, they'll be able to contain the attack," he said.

In addition, those individual messages all need to be properly authenticated and encrypted, said Owen Garrett, head of product at NGINX, which makes a popular open source web server and load balancer.

He suggested that enterprises look carefully at how they deploy their web application firewalls, encryption, and network segmentation.

Ensuring the security of communications was a big issue for Alkami Technology, which develops and hosts online banking software.

The financial industry is heavily regulated, and vendors need to be sure that they comply with industry best practices, he said. "Is all of our data encrypted at rest? Is it encrypted with best practices in transit?"

To make sure that the security is in place, Alkami uses NGINX as its middleware tier.

"It lets us make sure that we can propagate the best practices for secure controls, rather than having to depend on each developer to do it for each particular microservice," McElroy said. "We want developers to develop more quickly, but we don't want to give up anything from a security design standpoint."

"I see tremendous value in that," he said. "If we didn't have something to take care of some of the basics, then we would be spending a lot of time chasing ghosts."

Short life cycles require automation

In addition to helping speed up development, automated security tools also help companies deal with the microservices-related issue of containers.

 

Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.