Light Dark
August 15, 2017 By Richard O'Mahony 2 min read
Cloud Security

Co-authored by Chris Craig.

To match the ongoing shift to cloud as a means of increasing agility when delivering services, the architectures supporting these services are also evolving. The cloud IT space is full of terminology such as infrastructure-as-code, highly scalable architectures and microservices architecture — a methodology that is gathering significant momentum.

Adopting these compositions of loosely coupled components is a no-brainer because they are highly scalable and enhance agility for development teams. Before jumping straight on board, however, we should pause to understand the security posture that’s required for this migration.

Asking the Right Questions About Your Microservices Architecture

In many ways, a microservices-based architecture is not far removed from an Internet of Things (IoT) deployment: They both show an increase in independent systems and an associated boost in cross-system communication. With the many recent high-profile attacks on such distributed computing environments, its important for cloud vendors to understand threat vectors and plan for security and compliance.

When faced with a microservices architecture, DevOps engineers need to ask the following questions:

  • What is the security impact of the proliferation of application hosting within my environment?
  • How can I ensure all my microservices instances remain aligned from a compliance perspective?
  • How can I ensure all interprocess communications are secure?

To answer these questions, it’s important to go back to the foundations of traditional IT security best practices, including areas such as security information and event management (SIEM) and endpoint security, to ensure that these well-established technologies remain at the heart of evolving SecDevOps processes such as continuous delivery and continuous monitoring.

Maintaining Continuous Delivery

Automation and delivery pipelines are key to cloud agility. The introduction of microservices and their hosting containers has the potential to increase the attack surface. In addition to traditional software components, development teams may now be packaging portions of operating systems and middleware within these containers.

SecDevOps groups must ask if their current endpoint security solutions can be integrated into the build and delivery chains. Securing the containers before they land in production will be critical to overall compliance and security. By shifting security concerns left in the delivery cycle, organizations can save effort and enable more scalable environments.

Continuous Monitoring Is Critical

The increase in interprocess communications must also be addressed. SecDevOps needs to ensure that SIEM systems can monitor large numbers of interconnected communication paths and secure cryptographic solutions, boundary firewalls and individual runtimes. Authentication and authorization service monitoring at a microservice level is also critical to ensure that individual tenant privacy is maintained in multitenant environments.

It certainly is an exciting time to be developing cloud services, but it is still crucial to engage your DevOps leaders and address upfront security concerns when deciding to shift to a microservices architecture. These steps are vital to establish that you have the operational maturity to maintain security services moving forward.

 |  |  |  |  |  |  |  | 
Richard O'Mahony
Senior Engineer, IBM Security

More from Cloud Security
November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 19, 2023

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

October 3, 2023

The importance of Infrastructure as Code (IaC) when Securing cloud environments

4 min read - According to the 2023 Thales Data Threat Report, 55% of organizations experiencing a data breach have reported “human error” as the primary cause. This is further compounded by organizations now facing attacks from increasingly sophisticated cyber criminals with a wide range of automated tools. As organizations move more of their operations to the cloud, they must also become increasingly aware of the security risks and threats that come with it. It’s not enough anymore to simply have a set of…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature