Microservices Architecture All MIS603
6/3/2020 Laureate International Universities
https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 1/4
MODULE 5 INTRODUCTIONMODULE 5 INTRODUCTION
Security and Risk in Microservices
Introduction:
In previous modules we have discussed many revolutionary impacts of microservices
architecture and DevOps and how they have worked ‘hand in glove’ to change the
landscape of software engineering. This then leads to the question ’How have
microservices and DevOps changed how frameworks associated with the
management of security and risk are shaped?’
There have been several changes, and one of the areas has been the updating of the
well-recognised governance COBIT framework from COBIT 5 to COBIT 2019. What
does this mean?
1. The COBIT framework is managed by the professional association focused on IT governance - ISACA (Information Systems Audit and Control Association).
6/3/2020 Laureate International Universities
https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 2/4
2. Part of ISACA’s aim is to support the management of governance, security and risk for organisation’s in the area of IT.
3. Recent changes to the COBIT framework have been updated to include cloud computing and DevOps – and with microservices architecture being a cloud native software engineering technique there are now governance guidelines emerging within formal IT frameworks.
The very nature of ‘cloud’ opens discussions about data sovereignty, and what laws
apply to data that might be used in one sovereign nation while being stored in the
cloud in another. Some clear strategies emerge from these legal requirements for
architecting how data is distributed in the cloud, with a focus on hybrid cloud
solutions to ensure that pivotal data remains within the jurisdiction as stipulated by
the law which would need to be accommodated in the architecture of microservices.
There are rapid movements to address the changing paradigm that has emerged with
cloud computing, including both DevOps and microservices architecture. Securing a
distributed application has more layers of complexity than in a monolith and that due
consideration needs to be given to governance and security in these environments.
This has given rise to a DevSecOps movement, with their own manifesto, focused on
incorporating security within DevOps practices – and therefore in�uencing
microservices architecture. While this is an emerging disciplinary area, it is well worth
noting that governance, security and risk remain of paramount importance to
organisations and thus far it has relied upon software engineers to ‘architect it in’. In
this module, we will focus on the speci�c elements of governance, risk and security
and the associated practices within microservices architecture at a more granular
level – however the emergence of new and adapted frameworks serves to illustrate
how embedded new practices are becoming in a developing discipline an area of
expertise.
References
DevSecOps.org (n.d). Manifesto. Retrieved from https://www.devsecops.org/
Hannula, M. (2019). Why data sovereignty matters when choosing a cloud strategy. CIO. Retrieved from https://www.cio.com/article/3432146/why-data-sovereignty-matters-when-
choosing-a-cloud-strategy.html
Thomas, M, (2018, November 8). COBIT 2019 Makes Framework Easier to Understand,
Customize. ISACA. Retrieved from https://www.isaca.org/resources/news-and-trends/isaca- now-blog/2018/cobit-2019-makes-framework-easier-to-understand-customize
Wickett, J. (2018, October 29). Introducing DevSecOps [Video �le]. Retrieved from https://www.linkedin.com/learning-login/share?
forceAccount=false&redirect=https%3A%2F%2Fwww.linkedin.com%2Flearning%2Fdevsecops-
building-a-secure-continuous-delivery-
pipeline%3Ftrk%3Dshare_ent_url&account=56744473
6/3/2020 Laureate International Universities
https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 3/4
This Module will cover:
Module 5.1 – Security
Module 5.2 – Risk and Governance
This Module will help you achieve the following outcomes:
a) Analyse and evaluate moral and ethical considerations in speci�c security and privacy issues while transitioning to new technologies.
Time Management:
Your workload expectation is 20 hours for this module.
12 Week Delivery:
20 hours per module (two weeks): facilitated study: 3 hours / week. Personal Study: 7 hours / week.
3 hours facilitated study consists of attending class, responding to facilitator feedback.
You are to allocate 7 hours of personal learning. This includes essential time spent on pre-reading and viewing materials, assessment progression and learning activities.
Assessment Progression:
Assessment 2 is due at the end of Module 6.1 (Week 11). Please refer to the
assessment briefs in the assessment area for more detail. Tasks to undertake in this
module to prepare for Assessment 3 include the targeted readings, video clips and
exercises in this module.
You can prepare for this assessment by utilising the learning resources of this module
which include readings, videos, and learning activities to enhance your understanding
of the key concepts in this module. Please note that the areas of security and risk are
ever changing and ever advancing as new knowledge is created to thwart bad actors.
As part of developing your capability for life-long learning in this pivotal area, it is
expected that you research beyond the material indicated in this module or in class
and show evidence of this in your assessment. Developing a portfolio of trusted
resources to maintain currency of your professional insights will be vital to success on
this assessment and your professional life in the future.
6/3/2020 Laureate International Universities
https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 4/4
Class Expectation:
You are expected to have worked through the essential learning resources and activities for this module before attending the facilitated session (face to face or online session) – this enables informed discussion and full participation in learning activities.
Participate in all scheduled facilitated sessions
This time is intended to be used by you and your learning facilitator to work through activities and engage in discussion about the module content.
These sessions provide a space for you to raise questions about the module content and seek guidance on writing your assessments.
You will review, explore and discuss more deeply the information presented in the learning resources.