GOTO Berlin is a vendor-independent international software development conference with more than 60 top speakers and 600 attendees. The conference covers topics such as Java, Open Source, Agile, Architecture, Design, Web, Cloud, New Languages and Processes.
Maximilian Schöfmann, Co-Founder, Container Solutions Switzerland
Biography: Maximilian Schöfmann
Max runs Container Solutions in Switzerland, a pan-European IT consultancy specialising in the ecosystem around containers, microservices and programmable infrastructure. Before that, he was in charge of IT operations and information security at HolidayCheck, one of Europe's largest travel websites. Together with his teams distributed across Europe, he established DevOps and built HolidayCheck's microservice infrastructure around Docker and Mesos. He enjoys growing engineering teams, but is deeply convinced that any good IT manager needs to get his hands dirty regularly - which he does in Go, Ruby and general tinkering with distributed systems.
Presentation: Microservices - A Security Nightmare?
The currently generally accepted properties of microservices can be summed up as: They are small, and therefore plentiful. They talk over the network, usually via REST over HTTP. They are often built using different technologies, by autonomous teams who assume end-to-end responsibility for their creations and who follow DevOps and Continuous Delivery principles. These days, they also tend to be deployed as software containers via Docker.
Each one of these properties can individually make traditional information security managers shudder. A huge attack surface due to the large number of network services, which are built and run by teams with possibly little security expertise. Changes deployed to production multiple times a day, often without any human intervention or sign-off. All that using whatever new tech stack the team in charge sees fit and run in overhyped container technology, which has yet to prove its security.
In this talk, we will explore if the situation is really that dire, or if the properties of microservices can possibly even strengthen information security in your organisation.