Microservices are a great way to build software, but they bring their own security problems to the table. Compared to monolithic applications, microservice architectures are often significantly more complex, requiring us to think a little differently about how to build security in. Services are highly decoupled and governance is decentralized, often blurring the line for security duties between teams. This makes it really important to build the proper security controls into your architecture early, before things spin out of control (because, they will). Your team is empowered to move faster than ever and your mission is to help them do it securely.
In this presentation, we will discuss the challenges with securing microservices and present secure design tips to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.