Security in a Microservices World
It is very easy to spin up a microservice, and it is getting more common for organisations - even traditional enterprises - to create a large number of microservices. While "what is the right number of microservices to have?" is a separate debate, whatever that number is, it is now much harder to secure a system than before.
What used to be a single process call in a monolith, spans to multiple calls all over the network, thereby increasing the surface area of attack.
In this talk, you will learn about the context of security in a microservices world and different patterns to secure your services.
Outline/Structure of the Demonstration
- 20 minutes talk
- 20 minutes demonstration
- And Q&A
- Authentication and authorization patterns using OAuth
- Good patterns for implementing authorization and entitlements for different APIs
- Security through abstraction using service mesh
- The lessons we’ve learned in securing microservices
You will walk away with the knowledge to understand and choose an appropriate pattern for securing your system.
This talk is aimed at senior to lead level developers and architects, who build and run multiple microservices.