Security in a Microservices World
It is very easy to spin up a microservice, and it is getting more common for organisations - even traditional enterprises - to create a large number of microservices. While "what is the right number of microservices to have?" is a separate debate, whatever that number is, it is now much harder to secure a system than before.
What used to be a single process call in a monolith, spans to multiple calls all over the network, thereby increasing the surface area of attack.
In this talk, you will learn about the context of security in a microservices world and different patterns to secure your services.
Outline/Structure of the Demonstration
- 20 minutes talk
- 20 minutes demonstration
- And Q&A
- Authentication and authorization patterns using OAuth
- Good patterns for implementing authorization and entitlements for different APIs
- Security through abstraction using service mesh
- The lessons we’ve learned in securing microservices
You will walk away with the knowledge to understand and choose an appropriate pattern for securing your system.
This talk is aimed at senior to lead level developers and architects, who build and run multiple microservices.
schedule Submitted 1 year ago
People who liked this proposal, also liked:
Todd Little - Feedback Loops are the Key to the Learning MindsetTodd LittleChairmanKanban University
schedule 1 year agoSold Out!
At the core of the agile mindset is learning. Continuous learning is only possible through active feedback loops. Linear approaches do not support learning and are doomed to fail in a world of uncertainty. The key is maintaining healthy feedback loops which incorporate new knowledge which enables learning leading to success. An iterative approach with broken feedback loops is similarly doomed.
From Todd’s background as a Chemical and Petroleum engineer the idea of feedback and control loops was natural and to a large extent how he got involved in the agile community. Todd will explain the basics of feedback loops and how they can enable agility and learning, or when broken they can destroy agility and enable other behaviors such as organizational politics.
Kiruthika Samapathy - Preparing for the event-driven worldKiruthika SamapathyLead ConsultantThoughtWorks
schedule 1 year agoSold Out!
The world is always changing. Organizations, traditional enterprises & startups alike want to build systems for the changing world, and they jumped into Microservices hoping they can stay ahead of competitors and be a true disruptor in their domain.
As Sam Newman said, "If we have to reap the true benefits of Microservices architecture, we need to worry much less about what happens inside a service than what happens between the services”. Without a clear understanding of those inter-service interactions, we might end with a distributed microservices where the services are still coupled to some degree. To me, it is just a nice distributed monolith.
Inter-service interactions can be better understood by an event-driven mindset. In the real world, the events drive actions and reactions. The event-driven approach is not anything new, but putting events as a first class citizen will fundamentally shift how systems are designed and make it seamless to think in terms of actual domain models.
Let us talk about the patterns, challenges, and benefits of looking at events as first-class citizens and see how if it is done correctly, it not only solves the problem for today but also enables us to be ready for the future.