Microservice architectures allow businesses to develop and deploy their applications in a much more flexible, scalable and convenient way – across multiple languages, frameworks and IT environments. However, new architectures require new tools and technologies, and those bring in new security challenges – and new skills to learn to fight off cyber-attacks efficiently.
As with any new technology that development, operations and security teams have only begun to explore in recent years, there is still quite a lot of confusion about the capabilities of new platforms, misconceptions about new attack vectors and renewed discussions about balancing security with the pace of innovation expected from developers. And perhaps the biggest myth of microservice security is that it somehow takes care of itself.
In this session, we’ll look at the core technologies powering modern microservice architectures (containers, APIs, serverless backends, service meshes, etc.) and evaluate both their existing security capabilities and potential gaps to gain a strategic view of all the potential security and compliance challenges you should be thinking about before embracing microservices.
Microservices present a new way of scaling API deployments, where each component is an island, performing a small but well-defined task. These systems are quicker to develop and allow for a more agile way of working. As in most designs, security is not part of the original blueprint, which can lead to expensive and hard-to-manage security solutions. In this talk, Travis Spencer will illustrate how OAuth and OpenID Connect can be leveraged to create a unified distributed framework for microservices. He will show how this can be used to deliver the microservices promise of agility and scalability while also ensuring security.
A microservice architecture brings new challenges to API security, and careful design needs to be applied at both the operations and development levels to ensure corporate data is properly protected from unwanted access.
In this session, we explain what API security encompasses, why API security needs to be considered as early as possible in the microservice lifecycle, and how known standards such as OAuth and OpenID Connect can be leveraged to authenticate and authorize access to microservices. We also give practical examples and recommendations for the design and deployment of microservice architectures.