Security in the land of Microservices

BSides MSP 2017

Presented by: Jack Mannino
Date: Saturday June 24, 2017
Time: 13:30 - 14:15
Location: Track 2

Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices require careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are server-less. Everyone wants to move quickly to ship new services. Your job is to make sure all of the above happens in a secure and sane way.

In this presentation, we will discuss the challenges with securing microservices and techniques to make security a seamless and friction less part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind.

Jack Mannino


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats