Patterns and techniques for securing Microservices

DevSecCon London 2018 speaker
19 Oct 2018
14:25 - 15:05
CTRL

Many new and existing systems are built using Microservices. As the number of deployed Microservices increases, so does the complexity of securing them. The addition of multiple autonomous teams further increases the attack surface of a system as more services are pushed into production. Finally, the business need to deploy 3rd-party services with “soft” security guarantees must be addressed. As a result, maintaining system integrity becomes a significant challenge, and one that must be managed. To mitigate some of the risks, we present a background on the three A’s of computer security (Authentication, Authorization and Accounting), explaining each in detail and its importance from a broad system perspective. From there we take the audience through a set of Microservice-native patterns and tools for enforcing and managing each `A`, with a focus on enforcement and measurement at the service mesh layer. At the conclusion of the talk, attendees should have a greater understanding of how to apply system-level security patterns to their Microservice architecture and which tools to use to implement those patterns, thereby improving their security posture.

Microservice architecture overview:

  • Overview
  • The Service mesh as point of security enforcement

Authentication:

  • What is authentication? Who needs to authenticate in a Microservice system?
  • Human versus service authentication: standards and patterns
  • Pattern: Transparent user authentication at the service mesh layer using Istio

Authorization:

  • What does authorization mean in a Microservice architecture? Who, where, when and what.
  • Pattern: OAuth2 authorization at the app layer
  • Pattern: JIT authorization at the service mesh layer using Istio

Accounting/auditing:

  • How do we account for or audit what operations are being performed in the system?
  • Pattern: Audit measurement at the service mesh layer using Istio