Securing Microservices with Sam Newman
How do you secure microservices? Carl and Richard chat with Sam Newman about the complexity that comes with containerization and microservices, and how that impacts your security plans. Often security has been based on a monolithic single-point-of-access model. But when applications are broken down into microservices, there are a whole bunch of new points of contact to be secured. The good news is, there is plenty of technology out there to help, including password vaults, mutual TLS and more - you just need to learn about it!
Guests:
Sam Newman
After spending time at multiple startups and 12 years at ThoughtWorks, Sam Newman is now an independent consultant. Specializing in microservices, cloud, and continuous delivery, Sam helps clients around the world deliver software faster and more reliably through training and consulting. Sam is an experienced speaker who has spoken at conferences across the world, and is the author of Building Microservices from O'Reilly Media.
Links:
- Fun with Azure Functions and the Emotion API http://martinabbott.azurewebsites.net/2016/06/11/fun-with-azure-functions-and-the-emotion-api/
- Hashicorp Vault on AWS https://aws.amazon.com/quickstart/architecture/vault/
- Secrets in Kubernetes https://kubernetes.io/docs/concepts/configuration/secret/
- GitHub Security Alerts https://help.github.com/en/articles/about-security-alerts-for-vulnerable-dependencies
- Aqua Container Security https://www.aquasec.com/
- Synk Open Source Security https://snyk.io/
- JSON Web Tokens https://jwt.io/
- Mutual TLS in Azure App Service https://docs.microsoft.com/azure/app-service/app-service-web-configure-tls-mutual-auth