Chapter 1. Introduction to Cloud Microservices
Cloud computing and microservices have become a dominant theme in the software architecture world. Microservices have added complexity to an era in which security attacks are far too common, and they have raised the importance of security practitioners in every organization.
This is a story (that I heard for the first time on YouTube) that may sound familiar to many of you. A fast-paced company is building a microservices-based application and you are on the security team. It is possible that you have stakeholders, such as a CEO or a product manager, who want your product to be launched in time to gain market share. The developers in your company are doing their best to meet deadlines and ship code faster. You are brought in at the end of the process, and your mandate is to make sure that the final product is secure. This should immediately raise red flags to you. If the product is developed independently of you (the security team), you will be the only ones standing in the way of a product that adds value to the company. In my experience, in many dysfunctional firms, security professionals have been viewed as naysayers by development teams, product managers, and other stakeholders at organizations.
The problem with superficial security initiatives is that they interfere with value-adding activities. Bad security initiatives are notorious for causing frustration among developers. This is usually due to bad design and poor implementations, ...