Microservices Architecture All MIS603

profilemyeazyassignment
Module5a063X00001ZrEuZQAVpart2.pdf

6/3/2020 Laureate International Universities

https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 1/7

MODULE 5 TOPIC 1 RESOURCES AND ACTIVITIESMODULE 5 TOPIC 1 RESOURCES AND ACTIVITIES

Security

Introduction:

Security is a highly specialised �eld, however understanding security within the

context of microservices architecture is vital for all working in this context owing to a

distributed architecture and reliance on communications integration. Data is a highly

valued ‘commodity’ - not only to the company that holds it, but also to customers who

are relying on companies to safeguard their information. Data breaches not only

expose companies to loss of the data that gives them a leading edge over competitors

but exposes them to further risks of �nancial loss of having to make restitution to

customers who have been compromised.

6/3/2020 Laureate International Universities

https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 2/7

Mandatory disclosures are also legally required for companies that have experienced

a breach, and the resulting �nes can be substantial. In other cases, consumers can

enter class action lawsuits against companies to make civil claims of loss. It is

estimated that Uber’s 2016 data breach cost the company USD 150 million, however

the Equifax data breach stood at an agreed payout of USD 575 million in a settlement

with the Federal Trade Commission and Consumer Financial Protection Bureau

(Swinhoe, 2020). Above and beyond this, companies are subject to the loss of

reputation when exposed to data breaches. Where previously in a monolith and

‘waterfall project’, security could be brought in as a separate task to be undertaken by

specialists at a key point on the critical path of the project – in a DevOps world with a

microservices architecture – everyone is responsible for security. Developers who are

building each microservice and embedding it within a communications integration

context needs to have a clear understanding of how they can contribute to creating

and managing services where security is inherently built in at all layers of the

architecture. While governance in the design of the organisation’s overall

microservices architecture and communications integrations strategy, there are

elements that need to be considered on every step of the way in developing

microservices.

References

Swinhoe, D. (2020, January 31). The biggest data breach �nes, penalties and settlements so far.

CSO. Retrieved from https://www.csoonline.com/article/3410278/the-biggest-data-breach-�nes-

penalties-and-settlements-so-far.html?page=2

Resources and Activities:

Security and Microservices by Sam Newman

While this is an excellent video (and an opportunity to see an author, we

have referenced many times in this subject) it is long.

While you can bene�t from watching the whole video and may choose to do

so, please focus on speci�c sections if you are pressed for time:

8:07 – 12:06: Here, Newman identi�es a model for managing security in a microservices environment around 4 principles: Prevention, Detection, Response and Recovery

21:25 – 26:33: How using HTTPS between services o�ers an additional layer of security in a distributed environment

28:15 – 29:45: How Authentication & Authorization are vital concepts in the management of data security

6/3/2020 Laureate International Universities

https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 3/7

32:33 – 33:57: Data At Rest and how best to management it to ensure security

Reference:

Devoxx. (2016, November, 10). Security and Microservices by Sam Newman

[Video �le]. Retrieved from https://youtu.be/ZXGaC3GR3zU

(https://youtu.be/ZXGaC3GR3zU)

Authentication and Authorization

Please read pp. 169 – 180.

Newman covers a range of di�erent authentication and authorization

protocols that can/should be considered and used depending on the

di�erent challenges that present in securing a system. In this short reading

you are introduced to each of these protocols with notes about where they

are most suited and bene�ts and drawbacks within in each. It is important

to note the di�erence between the concepts of ‘authentication’ – ensuring

that a user is adequately con�rmed to be who they say they are, and

‘authorization’ where a user has access to data and activities based on their

role and what this requires them to have access to. Note that there are two

themes in this section – user authentication and authorisation (people) and

service-to-service authentication and authorization where other services

make requests or communication calls to another service. The challenges

are di�erent in these areas and you will need to be able to di�erentiate

between them. (Note that this reading aligns to the video clip ‘Security and

Microservices by Sam Newman’, and that watching the clip before the

reading may make it easier to navigate some of the key concepts).

Reference:

Newman, S. (2015). Building microservices: Designing �ne-grained systems.

California, USA: O’Reilly Media. Retrieved from https://ebookcentral-

proquest-com.ezproxy.laureate.net.au/lib/think/reader.action?

docID=1938300&ppg=189 (https://ebookcentral-proquest-

com.ezproxy.laureate.net.au/lib/think/reader.action?

docID=1938300&ppg=189)

Securing Data at Rest

Please read pp. 180 – 182.

6/3/2020 Laureate International Universities

https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 4/7

Newman focusses on the importance of encrypting as much data at rest as

is feasible, and only decrypting data when it is required for use. Note the

practical tips about the appropriate storage of encryption keys as well as

aligning to the proprietary encryption capability where it is available within

the technology rather than experiencing alignment challenges. (Note that

this reading aligns to the video clip ‘Security and Microservices by Sam

Newman’, and that watching the clip before the reading may make it easier

to navigate some of the key concepts).

Reference:

Newman, S. (2015). Building microservices: Designing �ne-grained systems.

California, USA: O’Reilly Media. Retrieved from https://ebookcentral-

proquest-com.ezproxy.laureate.net.au/lib/think/reader.action?

docID=1938300&ppg=200 (https://ebookcentral-proquest-

com.ezproxy.laureate.net.au/lib/think/reader.action?

docID=1938300&ppg=200)

Defence in Depth

Please read pp. 169- 188. There are several standards, tried and trusted

defensive measures that are used in defending company systems. It is well

worth understanding these and the bene�ts each bring so that you can

ensure that they are included to ensure that you are able to take a

comprehensive view of the security landscape supporting microservices

architecture. (Note that this reading aligns to the video clip ‘Security and

Microservices by Sam Newman’, and that watching the clip before the

reading may make it easier to navigate some of the key concepts).

Reference:

Newman, S. (2015). Building microservices: Designing �ne-grained systems.

California, USA: O’Reilly Media. Retrieved from https://ebookcentral-

proquest-com.ezproxy.laureate.net.au/lib/think/reader.action?

docID=1938300&ppg=189 (https://ebookcentral-proquest-

com.ezproxy.laureate.net.au/lib/think/reader.action?

docID=1938300&ppg=189)

Basic Security Requirements

6/3/2020 Laureate International Universities

https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 5/7

Please read pp. 252 – 254. In this short reading Surianarayanan et al.

outlines the three security requirements of any application: con�dentiality,

integrity, and availability. Each of these requirements is de�ned with

examples, with implementation recommendations to mitigate each type of

security requirement. This reading will develop your understanding of

security concerns and mitigations in any systems environment, o�ering a

frame of reference to broaden your knowledge of how data security should

ideally be managed.

Reference:

Surianarayanan, C., Ganapathy, G., & Pethuru, R. (2019). Essentials of

microservices architecture: Paradigms, applications, and techniques.

Florida, USA: CRC Press. Retrieved from https://ebookcentral-proquest-

com.ezproxy.laureate.net.au/lib/think/reader.action?

docID=5883406&ppg=273 (https://ebookcentral-proquest-

com.ezproxy.laureate.net.au/lib/think/reader.action?

docID=5883406&ppg=273)

Pragmatic Architecture for Secure MSA

Please read pp. 255 – 256. Pay attention to Figure 9.2 – Pragmatic

architecture for a secure MSA application. Note how Surianarayanan et al.

specify how there are three layers and two separate zones: a trusted zone,

and a jungle zone. They specify which applications belong in each zone and

how this in�uences the decisions taken regarding security. Also note how

various application layers are allocated roles in meeting the di�erent types

of data security requirements

Reference:

Surianarayanan, C., Ganapathy, G., & Pethuru, R. (2019). Essentials of

microservices architecture: Paradigms, applications, and techniques.

Florida, USA: CRC Press. Retrieved from https://ebookcentral-proquest-

com.ezproxy.laureate.net.au/lib/think/reader.action?

docID=5883406&ppg=275 (https://ebookcentral-proquest-

com.ezproxy.laureate.net.au/lib/think/reader.action?

docID=5883406&ppg=275)

Security Mechanisms for MSA Applications

6/3/2020 Laureate International Universities

https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 6/7

Please read pp. 256 – 260.This reading outlines the di�erent security

treatments and mechanisms as required in the di�erent layers of the

system and possible appropriate solutions to manage security e�ectively

with certain protocols and applications.

Reference:

Surianarayanan, C., Ganapathy, G., & Pethuru, R. (2019). Essentials of

microservices architecture: Paradigms, applications, and techniques.

Florida, USA: CRC Press. Retrieved from https://ebookcentral-proquest-

com.ezproxy.laureate.net.au/lib/think/reader.action?

docID=5883406&ppg=277 (https://ebookcentral-proquest-

com.ezproxy.laureate.net.au/lib/think/reader.action?

docID=5883406&ppg=277)

Additional Learning Resources

If you would like to learn more about the topics covered in this module, here are

some additional resources. These resources will contribute to further develop

understanding of the topics covered. However, these resources are not essential

to complete this module or the assessments associated with this subject.

Controls of security and risk of breaches

This article will give you clear insights how poor controls of security and risk

of breaches can put organisations at risk of substantial �nancial loss, and

that breaches can come from many places but most often occur because of

a lack of considered approach.

Reference:

Swinhoe, D. (2020, January 31). The biggest data breach �nes, penalties and

settlements so far. CSO. Retrieved from

https://www.csoonline.com/article/3410278/the-biggest-data-breach-�nes-

penalties-and-settlements-so-far.html?page=2

(https://www.csoonline.com/article/3410278/the-biggest-data-breach-�nes-

penalties-and-settlements-so-far.html?page=2)

Learning Activity 1: Security Data at Rest - Discussion forum post

6/3/2020 Laureate International Universities

https://laureate-au.blackboard.com/webapps/blackboard/content/listContent.jsp?course_id=_89956_1&content_id=_8971658_1&mode=reset 7/7

Learning Activity 2: Authentication vs. Authorisation - Discussion

Forum Post

Collaborative learning activity – Building Blocks of Data Security

Note: The Learning activities above are not part of summative/graded assessment;

however they are designed to prepare you for incremental graded assessment and

expand your learning.

These activities encourage a community learning experience between peers, and

provide opportunities for facilitators to o�er formative feedback, throughout a

module, to the student cohort.