Presentation: Tweet"Microservices - A Security Nightmare?"
The currently generally accepted properties of microservices can be summed up as: They are small, and therefore plentiful. They talk over the network, usually via REST over HTTP. They are often built using different technologies, by autonomous teams who assume end-to-end responsibility for their creations and who follow DevOps and Continuous Delivery principles. These days, they also tend to be deployed as software containers via Docker.
Each one of these properties can individually make traditional information security managers shudder. A huge attack surface due to the large number of network services, which are built and run by teams with possibly little security expertise. Changes deployed to production multiple times a day, often without any human intervention or sign-off. All that using whatever new tech stack the team in charge sees fit and run in overhyped container technology, which has yet to prove its security.
In this talk, we will explore if the situation is really that dire, or if the properties of microservices can possibly even strengthen information security in your organisation.
Download slides