The currently generally accepted properties of microservices can be summed up as follows: They are small and plentiful. They collaborate over the network. They are often built using different technologies by autonomous teams. These teams assume end-to-end responsibility for their creations and follow DevOps and Continuous Delivery principles. They also tend to be deployed as software containers using Docker.
Each one of these properties individually can make traditional information security managers shudder. A large attack surface due to the great number of network services, which are built and run by teams with possibly little security expertise. Changes deployed to production multiple times a day, often without any human intervention or sign-off. All that using whatever new tech stack the team in charge sees fit and run in overhyped container technology, which has yet to be proven in production.
This talk explored if the situation is really that dire, or if the properties of microservices can possibly even strengthen information security in your organisation.
12. Microservices (2016) …
small, hence many services
talking over the network
built with different technologies
by autonomous teams with end-to-end responsibility
13. Microservices (2016) …
small, hence many services
talking over the network
built with different technologies
by autonomous teams with end-to-end responsibility
doing DevOps and Continuous Delivery
14. Microservices (2016) …
small, hence many services
talking over the network
built with different technologies
by autonomous teams with end-to-end responsibility
doing DevOps and Continuous Delivery
using containers
15. Microservices (2016) …
small, hence many services
talking over the network
built with different technologies
by autonomous teams with end-to-end responsibility
doing DevOps and Continuous Delivery
using containers
16. Microservices are the result of combining
architectural ideas from lightweight SOA
and Domain Driven Design,
organisational approaches like DevOps
and Agile Software Development, and
technology innovations like Containers
and Programmable Infrastructure
59. Freeze image for analysis
payment
service
instance #2
docs upload
service
instance #1
payment
service
instance #1
cat picture
service
instance #1
meme
generator
instance #1
bookmark
manager
instance #1
payment
service
instance #1
60. Or even the running container… (criu.org)
payment
service
instance #2
docs upload
service
instance #1
payment
service
instance #1
cat picture
service
instance #1
meme
generator
instance #1
bookmark
manager
instance #1
payment
service
instance #1