#02 Microservices — the hard parts

Understanding core security principles

For building secure software

vjay baskr
2 min read · Dec 14, 2022

In the previous part, we saw that securing microservices-based applications is a delicate balancing act.

In this part, let us look at the core security principles to adopt while building software systems.

These are a collection of security concepts to apply when creating secure software; note that each principle is backed by tried and tested controls that you can adopt.

Because microservices expose a larger attack surface that must be protected against exploitation (more services, more network boundaries, more credentials), these principles, along with other security considerations, matter even more than they do in a monolith.

Let’s start by getting to know each of the guiding concepts.

  • Avoid “Swiss army knife” style permissions and access policies! Each service and identity should hold only the permissions its job requires (least privilege), not a broad policy reused “because it is convenient”.
  • Defense in depth is a must for a distributed architecture like microservices! No single control (a gateway, a firewall rule, a token check) should be the only thing standing between an attacker and your data.
  • Automate to manage complexity at scale. Controls that must be applied by hand across dozens of services will drift; checks that run in the pipeline do not.

Just a moment!
Before we close, do take note that there are a great many tried and tested security tools, services, practices, and policies that could potentially be adopted to build secure software.

While adopting them, there are a few concerns that need to be addressed, and they include:

  • Do we implement all of them?
  • Is it worth the time and effort?
  • How do we decide which one to adopt and which one to discount?
  • How do we ensure the most appropriate controls are in place for a given application?

These are difficult questions!

This is where knowing the security principles, and how effective each security control actually is, comes in handy. They inform design decisions (architectural and engineering), help in assessing inherent and residual risk, and a variety of other things.

In the next part, we will dive a bit deeper to understand some more security aspects before learning about the security controls.

In the meantime, here is a TL;DR version of the core security principles for you to read on the go!

If you have any feedback or comments feel free to share!


vjay baskr

A Designer and Technical Architect serving as a bridge between design and engineering in digital space