As enterprises look to become more agile and move towards a DevOps and continuous testing, the need for microservices has grown manifolds.

Businesses require a next-generation web application firewall (WAF) that enables secure delivery of applications. Software development life cycle (SDLC), is as flexible as the dynamic environment and threat landscape and adapts to the needs of the business. Before considering any solution, make sure it meets the requirements of both development and operations (DevOps) and security teams.

SQL injections, cross-site scripting, access violations, remote file inclusion — running applications in a service mesh architecture don’t eliminate the risk from data leakage or service disruptions. Emerging continuous integration and continuous delivery (CI/CD) technologies disrupt common practices and processes and create new blind spots.

Here are 10 characteristics to look for when considering protection to data and applications in a service mesh architecture.

Native Fit into CI/CD Pipeline

• Kubernetes controlled elasticity — Easily orchestrated, grows and scales application security along with Kubernetes pods, including auto-learned policies and configuration settings.
• Automation at the speed of development — Application programming interfaces (APIs) for integration with common tools for security provisioning of new services and applications, with a local management and reporting interface.
• TLS termination — End-to-end encryption is necessary to secure data integrity and avoid eavesdropping and man-in-the-middle (MITM) attacks. A single TLS termination at the host also eliminates spreading multiple certificates across third parties.
• Minimal footprint — Microservices are all about micro units; thus, the enforcement point in the data plane should be lightweight while the control plane (management, analytics and learning algorithms) is integrated into the environment independently.

Quality of Protection

• Extensive security — Application protection today goes beyond the OWASP Top 10, so a good WAF needs to accurately detect malicious bot activity, secure APIs and mitigate denial-of-service attacks.
• Effective security (zero-day protection) — Negative and positive security models are necessary to protect against known and unknown threats, thus maximizing security and minimizing false positives.
• Adaptive security — Immediate detection of new and modified applications in the CI/CD pipeline isn’t enough and must be followed by automatic generation and optimization of security policies.
• Data leakage prevention — Make sure data that is being shared externally is protected. Credit card and Social Security numbers must be masked, cookies must be encrypted, and scrapers should be misled with fake data.

Supplementary Requirements

Endorsed technology — Multiple firms evaluate technology solutions, including ICSA, NSS, Forrester and Gartner. Don’t take our word for it — check it for yourself.

Comprehensive reporting and analytics — Visibility to both development, security and operations (DevSecOps) and security teams via integration with common tools and platforms like elastic Kibana, Grafana, Prometheus, among others.

The post Top 10 things to consider while securing microservices appeared first on Artificial Intelligence.

Microservices is an architectural style that builds applications from a collection of loosely coupled services. The protocols used are lightweight and the services are very fine grained.  Each service stands on its own, and as such, makes development, testing, and refactoring of applications easier.  Because each service is independent, microservices enable application development to be more easily split up among developers and teams to allow parallel work.

A recent report on microservices from the results of a RedHat survey taken at the end of 2017 had the following results:

• Developers are using microservices for both new application design and when interact with legacy systems
• Microservice benefits include: Continuous Integration (CI), Continuous Deployment (CD), agility, scalability, higher developer productivity, and easier debugging and maintenance
• Microservice challenges include: management, and diagnostics and monitoring
• Current microservice developers said that they prefer a best of breed approach that is multi-runtime, multi-technology, and multi-framework.

Matt Miller, partner at Sequoia, told Forbes that “if you think about it from a technology point of view, as we have gone from things like the mainframe to client-server to cloud infrastructure to virtualization, each time we have successfully inserted a new layer of abstraction, our quality has gone up meaningfully, the time it takes to develop applications has come down, and so have our costs… That is why we are excited about microservices and think it is so disruptive. For companies looking to adopt it, it is disruptive because it is a huge paradigm step forward in the efficiency that can be gained in building your applications. You can operate the technology aspects of your business, which is more of your business, at a much faster rate than you could before.”

The post Microservices: Streamlining Development by Breaking up Monolithic Applications appeared first on Artificial Intelligence.

Even Match.com could not have done a better job finding a mate for microservices. Microservices – single-function services built by small teams, independent from other functions, and communicating only through public interfaces – simply make a great match for containers. Microservices plus containers represent a shift to delivering applications through modular services that can be reused and rewired to perform new tasks.

Why do containers and writing apps go together so well?

Containerizing services like messaging, mobile app development and support, and integration lets developers build applications, integrate with other systems, orchestrate using rules and processes, and then deploy across hybrid environments.

But don’t think of this as merely putting middleware into the cloud in its traditional form. Think of it as reimagining enterprise app development for faster, easier, and less error-prone provisioning and configuration. That adds up to more productive – and hopefully, less stressed – developers, especially at a time when speed is a core requirement for business.

When apps meet containers

One key idea behind microservices: Instead of large monolithic applications, application design will increasingly use architectures composed of small, single-function, independent services that communicate through network interfaces. This suits agile and DevOps approaches, and reduces the unintended effects associated with making changes in one part of a large monolithic program.

Linux containers can technically encapsulate monolithic applications effectively, just as if they were in a virtual machine or on a “bare metal” physical server. However, modern standards-compliant Linux container technology encourages breaking down applications into their separate processes and provides the tools to do so. (The Open Container Initiative – OCI – maintains standard runtime and image specifications for containers.)

This granular approach has several advantages:

1. Modularity equals flexibility

The current approach to containerization emphasizes the ability to update, restart, and scale components of an application independently – without unnecessarily taking down the whole app. In addition to this microservices-based approach, you can share functionality among multiple apps in much the same manner as service-oriented architectures more broadly. This means you’re not rewriting common functions (often in subtly incompatible ways) for every application.

2. Layers and image version control: DevOps win

Each container image file is made up of a series of layers. When the image changes, a new layer is created that’s essentially a set of filesystem changes. Configuration metadata such as environment variables or default arguments are properties of the image as a whole rather than any particular layer.

A variety of projects can be used to create images. These include the upstream Docker project, which requires a Dockerfile and a runtime daemon, while Buildah from Project Atomic can build a container from scratch.

The image layers are reused when building a new container image. This makes the build process fast and has tremendous advantages for organizations applying DevOps practices like continuous integration and deployment (CI/CD). Intermediate changes are shared between images, further improving speed, size, and efficiency. Inherent to layering is version control. Every time there’s a new change, you essentially get a built-in change-log.

3. Rollback: Fail fast safely

Perhaps the best part about layering is the ability to roll back. Every image has layers. Don’t like the current iteration of an image? Roll it back to the previous version. This further supports an agile development approach and helps make CI/CD a reality from a tools perspective.

4. Rapid deployment: Precious time gains

Getting new hardware up, running, provisioned, and available used to take days. And the level of effort and overhead was burdensome. OCI-compliant containers can reduce deployment to seconds. By creating a container for each process, developers can quickly share those similar processes with new apps.

And because an operating system doesn’t need to restart in order to add or move a container, deployment times are substantially shorter.

Think of technology as being in support of a more granular, controllable, microservices-oriented approach that places greater value on efficiency.

5. Orchestration: Take it to the next level

An OCI-compliant container runtime by itself is very good at managing single containers. However, when you start using more and more containers and containerized apps, broken down into hundreds of pieces, management and orchestration gets tricky. Eventually, you need to take a step back and group containers to deliver services – such as networking, security, and telemetry – across your containers.

Furthermore, because containers are portable, it’s important that the management stack that’s associated with them be portable as well. That’s where orchestration technologies like Kubernetes come in, simplifying this need for IT.

Rethinking applications

While containers can be used simply to encapsulate and isolate applications in a similar manner to virtual machines, they’re most effective when used as a fundamentally new way of packaging and architecting applications. Do this and pair them up with more agile and iterative DevOps processes, and you get apps that are more flexible, more reusable, and delivered more quickly.

The post 5 advantages of containers for writing applications appeared first on Artificial Intelligence.