
From Monolith to Microservices: Security Pitfalls to Avoid

Author: Eric Kedrosky | Date: July 12, 2020
Read Time: 3 minutes
Skill Level: Learner

Your application is starting to resemble the Stay-Puft Marshmallow Man in Ghostbusters. In other words, it’s a massive, lumbering monolithic application that’s becoming impossible to manage. 

It was never supposed to be like this. But as time went on, the application kept getting bigger and bigger, filled with more and more code that made it harder and harder to manage. Now, your application is being held back by scalability issues, slow deployments, poor performance, and a general lack of agility. 

Many businesses in this situation are attempting to migrate from monoliths to microservices in order to improve operations. According to IDC, by 2021 enterprise apps will shift towards hyperagile architectures, with 80 percent of application development on cloud platforms using microservices and cloud functions, and over 95 percent of new microservices deployed in containers. What’s more, 73 percent of firms using or planning to use microservices believe that it’s a very or extremely beneficial approach for building next-generation services and applications.

However, while transitioning to microservices can bring many benefits to your organization, there are also some significant security risks to consider, which we’ll examine next. 

Security Considerations for Microservices 

Businesses need to be especially vigilant when migrating to microservices — both during the migration and after deployment. Here are some things to keep in mind as you move to microservices.

1. Identity Management is Critical

Microservices are structured as a collection of services that are loosely coupled and independent of one another. As you break your application down into smaller microservices, it can be difficult to keep track of the people who have access to each specific component. Failing to manage identities across microservices can leave applications vulnerable to attack, giving easy backdoor access to sensitive data and system controls.

2. Track Access Points 

Deploying microservices will greatly expand your attack surface. Microservices require using significantly more code, which means more things to manage and more opportunities for hackers to exploit. They also contain numerous APIs and ports, giving bad actors more entry points into your systems. 

For these reasons, microservices can be easier to breach than monolithic apps in some cases. It’s very important to centralize and monitor access points to avoid losing control as more microservices are created. Failure to track access points could result in unauthorized users gaining access to mission-critical systems and data.

3. Form a Fault-Tolerance Strategy 

One of the most important things you'll want to consider is how you’ll handle fault tolerance when switching over to a microservices environment. 

Timeouts and service failures can snowball and take down entire clusters if left unchecked. Make sure you have a plan in place to ensure stability across your new ecosystem and prevent faults from impacting operations.

Common Security Pitfalls When Migrating to Microservices

Here are some common security pitfalls that you’ll want to avoid when migrating to microservices. 

1. Neglecting to Monitor Services 

Your business will need to form a strategy for monitoring applications at scale and providing real-time feedback. In all likelihood, this will require a different approach than the system that you used to monitor your monolithic application.

Don’t wait until after you start deploying microservices to determine how you want to handle performance and security monitoring. Prioritize monitoring and form a plan early in the process, rather than discovering mistakes when it’s too late.

2. Using Only One Firewall

If there is one thing we can’t stress enough, it’s the importance of layering your defenses. 

You need to protect all of your layers in order to prevent attacks and segment services from the network. This means using multiple firewalls instead of a single external firewall. 

3. Refusing to Re-architect Apps for the Cloud

Here’s a frightening statistic: 78 percent of enterprises migrate applications without rearchitecting them for the public cloud. 

In most cases, rearchitecting is skipped to save time during migration.

However, this is not a process that you want to rush through. Going through the process of rewriting code and implementing secure frameworks can help ensure a strong and secure application.

4. Sharing Data Repositories 

Above all else, you should try to isolate your data stores when deploying microservices.

By preventing microservices from accessing other data repositories, you can prevent attacks from moving laterally across your network. Compromised accounts will have a harder time spreading from one microservice to the next. Isolating your data can also lead to performance improvements, resulting in fewer system errors, faster processing, and an improved user experience. 
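
One way to check this isolation in practice, added here as an example and not taken from the original article or any Sonrai tooling: the Python below takes an inventory of data stores with their owning service and a set of per-service access grants, then reports every store reachable by a service that does not own it, and what a single compromised service identity would expose. The service names, store names and the simplified grant structure are all constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed inventory: data store name -> the one microservice meant to own it.
DATA_STORES = {
    "orders-db": "orders",
    "billing-db": "billing",
    "users-db": "users",
}

# Constructed, simplified allow-only grants: service identity -> resource patterns.
# This structure is an assumption for the example, not a cloud provider's policy format.
GRANTS = {
    "orders": ["orders-db"],
    "billing": ["billing-db", "orders-db"],  # reaches into another service's store
    "users": ["users-db"],
    "reporting": ["*-db"],                    # wildcard grant covers every store
}


def reachable_stores(patterns, stores):
    """Return the set of store names matched by any of a service's patterns."""
    return {s for s in stores if any(fnmatchcase(s, p) for p in patterns)}


def isolation_findings(grants, stores):
    """Map each store to the sorted services, other than its owner, that can reach it."""
    findings = {}
    for service, patterns in grants.items():
        for store in reachable_stores(patterns, stores):
            if stores[store] != service:
                findings.setdefault(store, []).append(service)
    return {store: sorted(svcs) for store, svcs in findings.items()}


def blast_radius(service, grants, stores):
    """Stores exposed if this one service identity is compromised."""
    return sorted(reachable_stores(grants.get(service, []), stores))


if __name__ == "__main__":
    for store, services in sorted(isolation_findings(GRANTS, DATA_STORES).items()):
        print(f"{store}: also reachable by {', '.join(services)}")
    for service in sorted(GRANTS):
        print(f"{service}: compromise exposes {blast_radius(service, GRANTS, DATA_STORES)}")
```

An empty result from `isolation_findings` means every store is reachable only by its owner; wildcard grants such as the constructed `reporting` entry are the usual reason a store shows up under several services.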

Before you get started…

These are just a few security tips to keep in mind throughout the migration process. Ultimately, migrating to microservices will require a completely different approach to security. For more information on what such an approach might look like, check out Sonrai’s Cloud Security Principles checklist.
