August 15, 2017 By Richard O'Mahony 2 min read

Co-authored by Chris Craig.

To match the ongoing shift to cloud as a means of increasing agility when delivering services, the architectures supporting these services are also evolving. The cloud IT space is full of terminology such as infrastructure-as-code, highly scalable architectures and microservices architecture — a methodology that is gathering significant momentum.

Adopting these compositions of loosely coupled components is a no-brainer because they are highly scalable and enhance agility for development teams. Before jumping straight on board, however, we should pause to understand the security posture that’s required for this migration.

Asking the Right Questions About Your Microservices Architecture

In many ways, a microservices-based architecture is not far removed from an Internet of Things (IoT) deployment: They both show an increase in independent systems and an associated boost in cross-system communication. With the many recent high-profile attacks on such distributed computing environments, its important for cloud vendors to understand threat vectors and plan for security and compliance.

When faced with a microservices architecture, DevOps engineers need to ask the following questions:

  • What is the security impact of the proliferation of application hosting within my environment?
  • How can I ensure all my microservices instances remain aligned from a compliance perspective?
  • How can I ensure all interprocess communications are secure?

To answer these questions, it’s important to go back to the foundations of traditional IT security best practices, including areas such as security information and event management (SIEM) and endpoint security, to ensure that these well-established technologies remain at the heart of evolving SecDevOps processes such as continuous delivery and continuous monitoring.

Maintaining Continuous Delivery

Automation and delivery pipelines are key to cloud agility. The introduction of microservices and their hosting containers has the potential to increase the attack surface. In addition to traditional software components, development teams may now be packaging portions of operating systems and middleware within these containers.

SecDevOps groups must ask if their current endpoint security solutions can be integrated into the build and delivery chains. Securing the containers before they land in production will be critical to overall compliance and security. By shifting security concerns left in the delivery cycle, organizations can save effort and enable more scalable environments.

Continuous Monitoring Is Critical

The increase in interprocess communications must also be addressed. SecDevOps needs to ensure that SIEM systems can monitor large numbers of interconnected communication paths and secure cryptographic solutions, boundary firewalls and individual runtimes. Authentication and authorization service monitoring at a microservice level is also critical to ensure that individual tenant privacy is maintained in multitenant environments.

It certainly is an exciting time to be developing cloud services, but it is still crucial to engage your DevOps leaders and address upfront security concerns when deciding to shift to a microservices architecture. These steps are vital to establish that you have the operational maturity to maintain security services moving forward.

More from Cloud Security

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today