Upgrade & Secure Your Future with DevOps, SRE, DevSecOps, MLOps!

We spend hours on Instagram and YouTube and waste money on coffee and fast food, but won’t spend 30 minutes a day learning skills to boost our careers.
Master in DevOps, SRE, DevSecOps & MLOps!

Learn from Guru Rajesh Kumar and double your salary in just one year.

Get Started Now!

Home Microservices Top 10 things to consider while securing microservices

Top 10 things to consider while securing microservices

Microservices · November 22, 2019 · 0 Comment

Source:-techobserver.in

As enterprises look to become more agile and move towards a DevOps and continuous testing, the need for microservices has grown manifolds.

Businesses require a next-generation web application firewall (WAF) that enables secure delivery of applications. Software development life cycle (SDLC), is as flexible as the dynamic environment and threat landscape and adapts to the needs of the business. Before considering any solution, make sure it meets the requirements of both development and operations (DevOps) and security teams.

SQL injections, cross-site scripting, access violations, remote file inclusion — running applications in a service mesh architecture don’t eliminate the risk from data leakage or service disruptions. Emerging continuous integration and continuous delivery (CI/CD) technologies disrupt common practices and processes and create new blind spots.

Here are 10 characteristics to look for when considering protection to data and applications in a service mesh architecture.

Native Fit into CI/CD Pipeline

  • Kubernetes controlled elasticity — Easily orchestrated, grows and scales application security along with Kubernetes pods, including auto-learned policies and configuration settings.
  • Automation at the speed of development — Application programming interfaces (APIs) for integration with common tools for security provisioning of new services and applications, with a local management and reporting interface.
  • TLS termination — End-to-end encryption is necessary to secure data integrity and avoid eavesdropping and man-in-the-middle (MITM) attacks. A single TLS termination at the host also eliminates spreading multiple certificates across third parties.
  • Minimal footprint — Microservices are all about micro units; thus, the enforcement point in the data plane should be lightweight while the control plane (management, analytics and learning algorithms) is integrated into the environment independently.

Quality of Protection

  • Extensive security — Application protection today goes beyond the OWASP Top 10, so a good WAF needs to accurately detect malicious bot activity, secure APIs and mitigate denial-of-service attacks.
  • Effective security (zero-day protection) — Negative and positive security models are necessary to protect against known and unknown threats, thus maximizing security and minimizing false positives.
  • Adaptive security — Immediate detection of new and modified applications in the CI/CD pipeline isn’t enough and must be followed by automatic generation and optimization of security policies.
  • Data leakage prevention — Make sure data that is being shared externally is protected. Credit card and Social Security numbers must be masked, cookies must be encrypted, and scrapers should be misled with fake data.

Supplementary Requirements

Endorsed technology — Multiple firms evaluate technology solutions, including ICSA, NSS, Forrester and Gartner. Don’t take our word for it — check it for yourself.

Comprehensive reporting and analytics — Visibility to both development, security and operations (DevSecOps) and security teams via integration with common tools and platforms like elastic Kibana, Grafana, Prometheus, among others.

aiuniverse

Related Posts

Microservices

Cloud Microservices Market Will Hit Big Revenues In Future | IBM, Contino, AWS

· February 6, 2021 · 0 Comment

Source – https://www.openpr.com/ Latest released the research study on Global Cloud Microservices Market, offers a detailed overview of the factors influencing the global business scope. Cloud Microservices Read More

Read More
Microservices

The basics of monitoring and observability in microservices

· February 5, 2021 · 0 Comment

Source – https://searchapparchitecture.techtarget.com/ We examine how monitoring and observability help development teams keep a distributed architecture from coming unraveled by individual failures and performance bottlenecks. Failure is Read More

Read More
Microservices

Virtual Panel: The MicroProfile Influence on Microservices Frameworks

· February 5, 2021 · 0 Comment

Source – https://www.infoq.com/ Key Takeaways Since 2018, several new microservices frameworks – including Micronaut, Helidon and Quarkus – have been introduced to the Java community, and have Read More

Read More
Microservices

Microservices design patterns and tools to watch in 2021

· February 2, 2021 · 0 Comment

Source – https://searchapparchitecture.techtarget.com/ Building upon years of momentum, architects are well in the swing of transitioning from the monolith to microservices. Here are three of the top Read More

Read More
Microservices

Mutual TLS: Securing Microservices in Service Mesh

· February 2, 2021 · 0 Comment

Source – https://thenewstack.io/ The world is moving toward microservices-based applications. Service mesh is emerging as one of the main architectures to deploy and manage microservices environments, because Read More

Read More
Microservices

DriveNets reels in $208M for its container-based carrier networking platform

· January 28, 2021 · 0 Comment

Source – https://siliconangle.com/ DriveNets Ltd., a startup developing a software container-based networking platform for carriers, today announced that it has raised $208 million in funding at a Read More

Read More
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x