The microservices revolution has swept across the IT world over the past several years, with 71% of organizations reported to have adopted the architecture by 2021. When discussing microservices, we often hear about their benefits in terms of agility and flexibility in delivering innovation to customers. But one angle that isn’t talked about much is enterprise security concerns.
In the era of monolithic applications, a single security issue could mean hundreds or even thousands of man-hours spent rebuilding an application from scratch. As well as plugging the security flaw, DevOps and security teams would have to review and rebuild the application to tweak its dependencies; sometimes the entire application had to be effectively reverse engineered.
Microservices have upended this paradigm. They allow DevOps to surround security flaws or concerns and address them without worrying about breaking their entire application stack. This means not just a quicker turnaround time for security patches, but a more flexible and efficient DevOps team and IT stack overall.
How microservices help ring-fence security flaws
Taking a step back, it’s worth reminding ourselves what a microservices architecture is: a collection of services that are deployed independently and bound together through intermediaries such as APIs. These individual services usually represent the most basic building blocks of your applications.
In practice, containers are the technology used to deliver microservices architectures. These lightweight, standalone packages bundle the application code with a lightweight OS, runtime, libraries, and configuration data. By using an orchestration system such as Kubernetes, individual containers can exchange their outputs with each other, enabling them to perform a wide range of tasks that once could only have been achieved through a monolithic application.
Microservices architectures, as typically delivered by containers, ring-fence a number of security risks by design. Because individual microservices only exchange their outputs through an orchestrated intermediary, it is much harder for a breach or compromise of a single microservice to compromise the entire application.
Playing with the calendar
But what does the above mean in practice? Here’s a thought experiment.
A few years ago, manufacturers found that many consumer devices were rendered unusable if their date was changed to 1/1/1970. Imagine that we introduce that flaw into a calendar application used in an enterprise environment. Now imagine that a black hat attacker saw this issue before the security team did, then proceeded to obtain someone’s credentials and change the current date in the Calendar app to 1/1/1970.
If an enterprise’s DevOps team works with a monolithic application, they must do the following:
- First, they have to deal with the widespread system malfunction resulting from the attack, which they can’t fix until they remove the flaw.
- Second, assuming they discovered the flaw was with their Calendar app, they would have to examine the entire source code for the app and manually locate where the problem lies.
- Finally, they have to review the source code of the entire Calendar app to replace any references to variables or statements associated with the bugged lines of code.
What would it look like if the same DevOps team worked with a microservices architecture?
- First, once a black hat attacker has changed the date, they will notice that the particular microservice at fault is malfunctioning.
- Second, assuming they are using containers, their Kubernetes distribution will flag that the particular container is not sending valid output data.
- Finally, it is a simple matter for the team to revert the settings of the offending container to their state prior to the malicious date change.
Once they have made this initial diagnosis and fix via a settings rollback, the team can then proceed to fix the underlying flaw that gave rise to the vulnerability. The overarching Calendar application and everything that depends on it remain online during this entire process.
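The detect-and-roll-back sequence from the thought experiment, sketched as an added example (not code from the article or from Kubernetes). It assumes the date service exposes a readiness check that validates its own output, which is what lets an orchestrator flag the container; `DateService`, the service names and the plausibility window are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import date

# Assumed plausibility window for this sketch; a real service would derive it
# from a trusted clock rather than from constants.
MIN_VALID = date(2000, 1, 1)
MAX_VALID = date(2100, 1, 1)


@dataclass
class DateService:
    """Hypothetical date microservice that keeps a revision history of its settings."""
    name: str
    revisions: list = field(default_factory=list)  # oldest first

    def apply(self, current_date: date) -> None:
        self.revisions.append({"current_date": current_date})

    def output(self) -> date:
        return self.revisions[-1]["current_date"]

    def readiness(self) -> int:
        """Status a readiness probe would see: 200 if the output is sane, else 503."""
        return 200 if MIN_VALID <= self.output() < MAX_VALID else 503

    def rollback_to_last_good(self) -> int:
        """Drop revisions until the probe passes; return how many were dropped."""
        dropped = 0
        while len(self.revisions) > 1 and self.readiness() != 200:
            self.revisions.pop()
            dropped += 1
        return dropped


def run_scenario() -> dict:
    # Constructed sample state: two independent services, one is tampered with.
    dates = DateService("calendar-date")
    invites = DateService("calendar-invites")
    dates.apply(date(2023, 6, 1))
    invites.apply(date(2023, 6, 1))

    dates.apply(date(1970, 1, 1))  # the malicious date change
    flagged = [s.name for s in (dates, invites) if s.readiness() != 200]
    dropped = dates.rollback_to_last_good()
    return {"flagged": flagged, "dropped": dropped,
            "restored": dates.output(), "status": dates.readiness()}


if __name__ == "__main__":
    print(run_scenario())
```

Only the tampered service fails its probe, and the rollback touches that service's revisions alone; if no earlier good revision exists, the service stays flagged rather than being reported healthy.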
Microservices for Efficiency and Proactivity
There is a big takeaway from the above story: In a microservices architecture, only the faulty component needs to be replaced or updated, not the entire application. This means there is less downtime when an issue or vulnerability does arise, as teams can identify and roll back the individual microservice that has been compromised. Furthermore, it makes less work for DevOps and security teams in addressing a defect because they only need to rework an individual microservice, which is necessarily less application code than a full monolithic app.
Additionally, microservices allow teams to be more proactive. Microservices enable this proactivity through ring-fencing that prevents breaches or cascading vulnerabilities. This ring-fencing frees up teams to continually improve an individual microservice without thinking about the rest of the application.
This means that a DevSecOps professional can focus on monitoring vulnerabilities or releasing security updates. No administrative or logistical work is required to prevent a security update from breaking any other microservices in the application. This flexibility and freedom is invaluable when it comes to fixing zero-day vulnerabilities or securing your apps against emerging threats.
Thanks to microservices, teams can respond to security threats faster and more effectively than ever before. And on the proactive side, microservices can enable teams to harden their systems at a dizzying rate. Overall, this is why microservices have changed the face of enterprise IT security: They let developers, operators, and security teams work faster and with unprecedented flexibility.
Simone Wright is UK Strategic Solutions Director for Red Hat.