Microservices Architecture All MIS603

profilemyeazyassignment
Module5a063X00001ZrEuZQAV.pdf

6/3/2020 Laureate International Universities

https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 1/4

MODULE 5 INTRODUCTIONMODULE 5 INTRODUCTION

Security and Risk in Microservices

Introduction:

In previous modules we have discussed many revolutionary impacts of microservices

architecture and DevOps and how they have worked ‘hand in glove’ to change the

landscape of software engineering. This then leads to the question ’How have

microservices and DevOps changed how frameworks associated with the

management of security and risk are shaped?’

There have been several changes, and one of the areas has been the updating of the

well-recognised governance COBIT framework from COBIT 5 to COBIT 2019. What

does this mean?

1. The COBIT framework is managed by the professional association focused on IT governance - ISACA (Information Systems Audit and Control Association).

6/3/2020 Laureate International Universities

https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 2/4

2. Part of ISACA’s aim is to support the management of governance, security and risk for organisation’s in the area of IT.

3. Recent changes to the COBIT framework have been updated to include cloud computing and DevOps – and with microservices architecture being a cloud native software engineering technique there are now governance guidelines emerging within formal IT frameworks.

The very nature of ‘cloud’ opens discussions about data sovereignty, and what laws

apply to data that might be used in one sovereign nation while being stored in the

cloud in another. Some clear strategies emerge from these legal requirements for

architecting how data is distributed in the cloud, with a focus on hybrid cloud

solutions to ensure that pivotal data remains within the jurisdiction as stipulated by

the law which would need to be accommodated in the architecture of microservices.

There are rapid movements to address the changing paradigm that has emerged with

cloud computing, including both DevOps and microservices architecture. Securing a

distributed application has more layers of complexity than in a monolith and that due

consideration needs to be given to governance and security in these environments.

This has given rise to a DevSecOps movement, with their own manifesto, focused on

incorporating security within DevOps practices – and therefore in�uencing

microservices architecture. While this is an emerging disciplinary area, it is well worth

noting that governance, security and risk remain of paramount importance to

organisations and thus far it has relied upon software engineers to ‘architect it in’. In

this module, we will focus on the speci�c elements of governance, risk and security

and the associated practices within microservices architecture at a more granular

level – however the emergence of new and adapted frameworks serves to illustrate

how embedded new practices are becoming in a developing discipline an area of

expertise.

References

DevSecOps.org (n.d). Manifesto. Retrieved from https://www.devsecops.org/

Hannula, M. (2019). Why data sovereignty matters when choosing a cloud strategy. CIO. Retrieved from https://www.cio.com/article/3432146/why-data-sovereignty-matters-when-

choosing-a-cloud-strategy.html

Thomas, M, (2018, November 8). COBIT 2019 Makes Framework Easier to Understand,

Customize. ISACA. Retrieved from https://www.isaca.org/resources/news-and-trends/isaca- now-blog/2018/cobit-2019-makes-framework-easier-to-understand-customize

Wickett, J. (2018, October 29). Introducing DevSecOps [Video �le]. Retrieved from https://www.linkedin.com/learning-login/share?

forceAccount=false&redirect=https%3A%2F%2Fwww.linkedin.com%2Flearning%2Fdevsecops-

building-a-secure-continuous-delivery-

pipeline%3Ftrk%3Dshare_ent_url&account=56744473

6/3/2020 Laureate International Universities

https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 3/4

This Module will cover:

Module 5.1 – Security

Module 5.2 – Risk and Governance

This Module will help you achieve the following outcomes:

a) Analyse and evaluate moral and ethical considerations in speci�c security and privacy issues while transitioning to new technologies.

Time Management:

Your workload expectation is 20 hours for this module.

12 Week Delivery:

20 hours per module (two weeks): facilitated study: 3 hours / week. Personal Study: 7 hours / week.

3 hours facilitated study consists of attending class, responding to facilitator feedback.

You are to allocate 7 hours of personal learning. This includes essential time spent on pre-reading and viewing materials, assessment progression and learning activities.

Assessment Progression:

Assessment 2 is due at the end of Module 6.1 (Week 11). Please refer to the

assessment briefs in the assessment area for more detail. Tasks to undertake in this

module to prepare for Assessment 3 include the targeted readings, video clips and

exercises in this module.

You can prepare for this assessment by utilising the learning resources of this module

which include readings, videos, and learning activities to enhance your understanding

of the key concepts in this module. Please note that the areas of security and risk are

ever changing and ever advancing as new knowledge is created to thwart bad actors.

As part of developing your capability for life-long learning in this pivotal area, it is

expected that you research beyond the material indicated in this module or in class

and show evidence of this in your assessment. Developing a portfolio of trusted

resources to maintain currency of your professional insights will be vital to success on

this assessment and your professional life in the future.

6/3/2020 Laureate International Universities

https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 4/4

Class Expectation:

You are expected to have worked through the essential learning resources and activities for this module before attending the facilitated session (face to face or online session) – this enables informed discussion and full participation in learning activities.

Participate in all scheduled facilitated sessions

This time is intended to be used by you and your learning facilitator to work through activities and engage in discussion about the module content.

These sessions provide a space for you to raise questions about the module content and seek guidance on writing your assessments.

You will review, explore and discuss more deeply the information presented in the learning resources.