5 Tips to Secure Your Microservices Like an International Secret Agent

In security there are no silver bullets. It’s a cliche that rings true, more so now than ever before.

In this blog post, I want to provide some tips for writing secure code in the era of microservices, and give you a simple metaphor to remember along the way.

First, a little background. I began my career writing “monolithic” server applications, mostly through frameworks such as Django and Plone. The approach was fairly straightforward: all parts of the app had access to the backend database; limits were enforced on the end user.

Now we have moved rapidly to microservices (which I like very much, by the way). Microservices allow micro-releases, moving the development cycle from a quarterly (or longer) “all hands on deck” release to an “as soon as it’s ready” release of a minimal feature set, code fix, or both. For this to be successful, most of the services need to maintain a level of compatibility in their edges and expected results, and deployment steps need to have some level of idempotency (and, of course, the ability to roll back).

The changes in the way we develop software require a change in the mindset of the way we think about and implement security. Security must now be a...