Modern applications enable rapid innovation and delivery through cloud-native architectures where microservices isolate specific business processes and are scalable, responsive, and adaptive to emerging demands. While the benefits of cloud-native applications and microservices are numerous, there are however new challenges - especially security challenges.
- Microservice APIs expose new threat vectors (OWASP API top 10)
- Data flows are often more exposed between microservices introducing exponential risk
- DevOps Delivery velocity makes it extremely difficult for security to keep up
DevOps teams need to embrace their “SecOps” counterparts and build out their security practices in order to
- Improve their visibility into API - API communication where the risks between their APIs is visible (including the data risk)
- Dynamically evolve their security processes and practices to keep up with DevOps velocity. Yesterday’s firewall rules will not be able to address today’s 50 deployments of new changes (or 5000 deployments of new changes)