Table of Contents
Share this entry
Your application is starting to resemble the Stay-Puft Marshmallow Man in Ghostbusters. In other words, it’s a massive, lumbering monolithic application that’s becoming impossible to manage.
It was never supposed to be like this. But as time went on, the application kept getting bigger and bigger, filled with more and more code that made it harder and harder to manage. Now, your application is being held back by scalability issues, slow deployments, poor performance, and a general lack of agility.
Many businesses in this situation are attempting to migrate from monoliths to microservices in order to improve operations. According to IDC, by 2021 enterprise apps will shift towards hyperagile architectures, with 80 percent of application development on cloud platforms using microservices and cloud functions, and over 95 percent of new microservices deployed in containers. What’s more, 73 percent of firms using or planning to use microservices believe that it’s a very or extremely beneficial approach for building next-generation services and applications.
However, while transitioning to microservices can bring many benefits to your organization, there are also some significant security risks to consider, which we’ll examine next.
Security Considerations for Microservices
Businesses need to be especially vigilant when migrating to microservices — both during the migration and after deployment. Here are some things to keep in mind as you move to microservices.
1. Identity Management is Critical
Microservices are structured as a collection of services that are loosely coupled and independent of one another. As you break your application down into smaller microservices, it can be difficult to keep track of the people who have access to each specific component. Failure to track identity management across microservices can leave applications vulnerable to attacks, presenting easy backdoor access to sensitive data and system controls.
2. Track Access Points
Deploying microservices will greatly expand your attack surface. Microservices require using significantly more code, which means more things to manage and more opportunities for hackers to exploit. They also contain numerous APIs and ports, giving bad actors more entry points into your systems.
For these reasons, microservices can be easier to breach than monolithic apps in some cases. It’s very important to centralize and monitor access points to avoid losing control as more microservices are created. Failure to track access points could result in unauthorized users gaining access to mission-critical systems and data.
3. Form a Fault-Tolerance Strategy
One of the most important things you’ll want to consider is how you’ll handle fault tolerance when switching over to a microservices environment.
Timeouts and service failures can snowball and take down entire clusters if left unchecked. Make sure you have a plan in place to ensure stability across your new ecosystem and prevent faults from impacting operations.
Common Security Pitfalls When Migrating to Microservices
Here are some common security pitfalls that you’ll want to avoid when migrating to microservices.
1. Neglecting to Monitor Services
Your business will need to form a strategy for monitoring applications at scale and providing real-time feedback. In all likelihood, this will require a different approach than the system that you used to monitor your monolithic application.
Don’t wait until after you start deploying microservices to determine how you want to handle performance and security monitoring. Prioritize monitoring and form a plan early on in the process to prevent mistakes when it’s too late.
2. Using Only One Firewall
If there is one thing we can’t stress enough, it’s the importance of layering your defenses.
You need to protect all of your layers in order to prevent attacks and segment services from the network. This means using multiple firewalls instead of a single external firewall.
3. Refusing to Re-architect Apps for the Cloud
Here’s a frightening statistic: 78 percent of enterprises migrate applications without re-architecting them for the public cloud.
In most cases, this is avoided to save time during migration.
However, this is not a process that you want to rush through. Going through the process of rewriting code and implementing secure frameworks can help ensure a strong and secure application.
4. Sharing Data Repositories
Above all else, you should try and isolate your data stores when deploying microservices.
By preventing microservices from accessing other data repositories, you can prevent attacks from moving laterally across your network. Compromised accounts will have a harder time spreading from one microservice to the next. Isolating your data can also lead to performance improvements, resulting in fewer system errors, faster processing, and an improved user experience.
Before you get started…
These are just a few security tips to keep in mind throughout the migration process. Ultimately, migrating to microservices will require a completely different approach to security. For more information on what such an approach might look like, check out Sonrai’s Cloud Security Principles checklist.
THE ARCHITECT
The Newsletter for Cloud Security Leaders. 1x a month.
Get a Comprehensive Cloud Identity Audit
Request Your AuditSonrai cloud security platform, products and services are covered by U.S. Patent Nos. 10,728,307 and 11,134,085, together with other domestic and international patents pending. All rights reserved.