Listen to the latest episode of the Secure Developer podcastListen now
close

DevSecCon

Solving Trust Issues at Scale

May 12, 2020

Omer Levi Hevroni
Sharefacebookmail_outlinelink

Microservices are social constructs: they can’t function without talking with other services. This also raises an interesting question: do we trust all of our microservices?

Not all microservices are the same: some are more sensitive – for example, services that handle personal user data or payment information. Others are user-facing and therefore riskier. We shouldn’t treat all services as equal. A robust mechanism that describes who can talk with who is required.

We dealt with this challenge whilst I was working for Soluto. In this talk, I’ll share the journey we went through until we found a solution we’re happy with: a simple and declarative system that allows services to define who can access them. Any dev can request access to any service, and the service owner can review it. I’ll share how we build this solution (including all the technical details and live demos!), using open source tools like Open Policy Agent, so you can easily build something similar.

Resources:

Omer Levi Hevroni

Omer Levi Hevroni

AppSec/DevSecOps at Soluto

About Omer Levi Hevroni

Omer Levi Hevroni has been coding since the 4th grade, when his father taught him BASIC (Beginner’s All-purpose Symbolic Instruction Code). Today, he’s doing AppSec/DevSecOps at Soluto. He is also an active open source contributor, OWASP Member, and OWASPGlue project leader.

Tags:

Cloud Native Security
Least Privilege
Microservices
Trust
We use cookies to ensure you get the best experience on our website.Read Privacy Policy
close