It is very easy to spin up a microservice, and it is getting more common for organisations - even traditional enterprises - to create a large number of microservices. While "what is the right number of microservices to have?" is a separate debate, whatever that number is, it is now much harder to secure a system than before.

What used to be a single process call in a monolith now spans multiple calls across the network, increasing the attack surface.

In this talk, you will learn about the context of security in a microservices world and different patterns to secure your services.


Outline/Structure of the Demonstration

  • 20 minutes talk
  • 20 minutes demonstration
  • And Q&A

Learning Outcome

  • Authentication and authorization patterns using OAuth
  • Good patterns for implementing authorization and entitlements for different APIs
  • Security through abstraction using service mesh
  • The lessons we’ve learned in securing microservices

You will walk away with the knowledge to understand and choose an appropriate pattern for securing your system.

Target Audience

This talk is aimed at senior to lead level developers and architects, who build and run multiple microservices.

Submitted 5 months ago

Public Feedback

  • Naresh Jain
    By Naresh Jain  ~  1 month ago

    Hi Kiruthika,

    Thanks for your submission. 

    Can you please clarify the following:

    • In my experience, authorization and entitlements is a very large and deep topic. Will it be possible for you to focus just on this topic and go deep? If yes, please update your outline to call out which topics you'll cover in this area and how you plan to break down the 45 mins.
    • For 45-minute sessions, we prefer just 1 speaker. Can we have just one speaker? If not, can you please explain how having a co-presenter is going to help?
    • Naresh Jain
      By Naresh Jain  ~  1 month ago

      Hi Kiruthika,

      Can you please reply?

  • Aino Corry
    By Aino Corry  ~  3 months ago

    Hi Kiruthika, thank you for your submission. 

    As for your other submission, very good, but unsure if it fits the audience.

    • Kiruthika Samapathy
      By Kiruthika Samapathy  ~  3 months ago

      Hi Aino,

      It will definitely be useful if you are expecting developers/architects to attend. In my experience, in most organisations security is done as a bolt-on after building a few microservices. There are different patterns in OAuth and each comes with its own advantage; often teams are not clear on the right solution. I have seen this work well when the product owner also understands the importance and benefits of applying security and does not see it as a tech task.