Home Reading Room The Impact of Microservices on Cybersecurity: An In-Depth Look at the Good,...

The Impact of Microservices on Cybersecurity: An In-Depth Look at the Good, the Bad, and the Ugly

Explore the various aspects of microservices in cybersecurity, including their advantages, potential risks, and best practices for leveraging them effectively.

Microservices

Reliance on technology has come full circle since the start of the COVID-19 pandemic. The increased utilization of digital applications for needs such as banking, shopping, and especially healthcare services during the past three years has ushered in a need for consumers to trust technology to assist them in all aspects of daily living. Not coincidentally, the demands placed on app engineers, developers, and designers today require them to offer a level of versatility within their software that was not needed just a few years ago. At a time when the incidence of cybersecurity attacks is at an all-time high, it is now necessary for apps to be built and scalable in a more flexible manner so that they can be addressed appropriately in the event of an incident that requires intervention.

Microservices architecture is a more suitable way to improve the reliability and scalability of today’s software systems. In a microservices cloud-based architecture, a large application is broken down into smaller, independent services that communicate with each other through application programming interfaces (APIs). This allows for more focused development and deployment, as well as easier maintenance and scaling. A microservices approach is in stark contrast to monolithic software applications, which are built as single, unified units that are more complicated and time-consuming to build and deploy.

Site reliability engineers (SREs) appreciate the benefits of microservices because they provide faster development cycles, improved fault tolerance, and easier deployment. At the same time, they recognize that microservices bring new challenges, such as increased complexity in monitoring, tracing issues across multiple services, and recognizing the need for careful management of inter-service communication. These challenges pose significant red flags related to protecting customers from cybersecurity issues. It’s important to understand the need to maintain this type of architecture if privacy and security are going to be upheld as digital technology continues to become more sophisticated and integrated into society

Challenges of Moving Apps to Microservices

According to Varun Talwar, co-founder of Tetrate, an edge-to-workload application connectivity platform that connects companies to services across a mesh-managed environment, transitioning to a microservices architecture is a significant challenge for application modernization because many organizations operate complex systems that have been established for many years and could cause disruption of functionality if they were to be modified (Talwar, 2023).

Additionally, a survey conducted by Asperitas Consulting, a multi-disciplined solutions organization that assists companies in the implementation of cloud services, indicated that application modernization is challenging due to issues such as staffing and the unavailability of appropriate tools (Ghoshal, A., 2022).

The migration from monolith to microservices can also be a cumbersome task in and of itself. Microservices should only be considered after an evaluation of all alternative paths is conducted, according to Semaphore’s Tomas Fernandez, who also suggests that microservice applications could be best suited for software that begins as a monolith and for deployments that are not on-premises due to the nature of the customer having to manually deploy and configure everything on their own private systems (Fernandez, 2022).

One method of migration from monolith to microservices that more industry professionals are finding success with is the 12-Factor App methodology created by developers at Heroku, a cloud platform service that supports several programming languages.

Steps to this process include the following:

  • having one codebase tracked in revision control, with many deploys
  • declaring and isolating dependencies
  • storing all configuration data separately from the code
  • treating backing services as attached resources
  • separating build and run stages
  • ensuring the app is stateless
  • exporting services through port binding
  • developing the app to be concurrent
  • building disposable processes so that the app can be quickly started, stopped, and redeployed without loss of data
  • enabling continuous integration based on matching environments
  • streaming logs to specified chosen locations
  • running administrative and management tasks as one-off processes.

It is also important to note that not all legacy apps can be modernized and that APIs can be used to enable microservices.

The Benefits of Microservices

Amidst the challenges of transitioning to and operating on a microservices system, the most significant benefit is offering customers an improved user experience. According to Loris Cro, developer advocacy manager at Redis Labs, a services provider for nearly 9,000 organizations globally, end users for software developed with microservices see fewer performance issues, bugs, and general difficulties (McCall, 2020). For example, Cro points to the ability of development teams to use different languages and database systems on a per-service level as compared to monolithic applications. Despite the many benefits that microservices offer, undesirable outcomes can occur if there is an inconsistency in the services offered, high latency with app communication, or the microservices are too complex and don’t allow for extensibility, scalability, or feature additions.

The Future of Microservices

According to research, the Microservices Architecture market will rise from 5.49 billion USD in 2022 to 21.61 billion USD by 2023, expanding at a compound yearly growth rate (CAGR) of 18.66% during the forecast period (2022-2023) (Munde, 2023).

Other trends that are expected to impact the development of microservices include the following:

  • improved observability and enhanced insight into microservices’ actions and ability to control communication through the service mesh reconfigurable infrastructure
  • automated and optimized monitoring, incident response, capacity planning, and other operations through artificial intelligence techniques to manage software more effectively
  • better reliability than single-source software development through the use of multi-cloud strategies that implement a microservices architecture (Garvit, 2023).

Although a switch to microservices-enabled software could present new security challenges as a result of their dynamic nature, companies are making the transition from monolith at a near 100-percent rate (Cloud Security Alliance, 2019). Recent research shows that 85 percent of companies are modernizing their architecture by moving to a microservices structure. The report also indicates that leading companies are twice as likely to have at least 75 percent of their apps on a microservices architecture (Solo.io). The sooner that any existing outliers conduct their conversions, the more reliable their security measures are likely to be.

About the Author

kedarnath mundluruKedarnath Mundluru is an experienced Senior Principal SRE Architect and IT Architecture with over 21 years in the field. Kedarnath has a proven track record of leading teams to develop and launch customer-focused features and products that deliver significant business value. His analytical abilities and technical expertise, combined with his critical thinking skills, made him well-suited to work in data-driven environments. Kedarnath has a deep understanding of all stages of the software development life cycle and a strong background in management and leadership.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

References

Cloud Security Alliance. (2019, July 16). Challenges in Securing Application Containers and Microservices. https://cloudsecurityalliance.org/artifacts/challenges-in-securing-application-containers-and-microservices/

Fernandez, T. (2022, August 1). When Microservices Are a Bad Idea. Semaphore. https://semaphoreci.com/blog/bad-microservices

Garvit, J. (2023, March 1). Top Microservices Trends for 2023. Ecosmob. https://www.ecosmob.com/key-microservices-trends/

Ghoshal, A. (2022, August 10). IT leaders struggle with application modernization, survey finds. InfoWorld. https://www.infoworld.com/article/3669868/it-leaders-struggle-with-application-modernization-survey-finds.html

McCall, J. (2020, April 2). It’s a Great Time to Transition to Microservices Architecture. DevPro Journal. https://www.devprojournal.com/software-development-trends/devops/its-a-great-time-to-transition-to-microservices-architecture/

Munde, S., (2023, May). According to projections, the Microservices Architecture market will rise from USD 5.49 billion in 2022 to USD 21.61 billion by 2023, expanding at a compound yearly growth rate (CAGR) of 18.66% during the forecast period (2022-2023). Markets Research Future. https://www.marketresearchfuture.com/reports/microservices-architecture-market-3149

Solo.io. (2022). Service Mesh Adoption Survey. https://www.solo.io/resources/report/2022-service-mesh-adoption-survey/

Talwar, V. (2023, March 21). Service Mesh As The Bridge To App Modernization. Forbes. https://www.forbes.com/sites/forbestechcouncil/2023/03/21/service-mesh-as-the-bridge-to-app-modernization/?sh=19f5fff19075