Microservices security

An architect's guide to microservices security

Last updated:January 2019

Editor's note

Organizations develop security strategies to specifically address the vulnerabilities of their application architectures. Traditional security methods applied to monolithic applications don't cut it in a microservices architecture. In order to meet the pace of architecture changes, teams need to rethink how they approach security.

This guide brings together a number of tips, advice columns, tool reviews and other resources that should help you develop an understanding of microservices security and the strategy you need to pursue.

1Basics of microservices security

Microservices present a decentralized and granular architecture, a fact that brings forth specific security challenges. Explore how microservices fundamentally change security requirements and why they require a shift in IT security mentality. Then, try the quiz to put your microservices security knowledge to the test.

2Form a security plan for microservices

A microservices security plan involves managing numerous interdependent parts and a large attack surface for applications. This level of risk requires a concerted defense-in-depth strategy, which covers monitoring, logging, tracing and threat detection. Learn how to build each layer of a multilevel microservices security plan and attune development and security teams to this architecture's requirements.

3Microservices security tooling and techniques

After building an in-depth microservices security plan, find the right tools. While some of these tools are similar to traditional products for IT security on monolithic apps, there is also a call for new utilities that bring about increased levels of automation -- a must for protecting a distributed architecture. These expert articles assess the top tools for distributed tracing, security automation, container monitoring and other key security tasks so that you can put together a microservices security toolchain with confidence.

4Terms and concepts related to microservices security

In the course of learning about microservices security, you may come across some unfamiliar terminology. App developers and architects must build up a vocabulary to accurately discuss technologies with security experts and vice versa.