Chapter 4. Security at Rest
When it comes to microservices, a lot of literature in the industry is focused on the design and development of the mechanisms that provide computing services to the end user. Despite this, it is widely known that microservices require us to fundamentally change the way we think about storage. Microservices are typically expected to be self-contained. This applies not only to their logic but also to their data storage mechanism. Unlike monoliths, where centralizing storage in a nonredundant manner is the guiding principle, microservices require architects to think of decentralization. In a real microservice environment, data is a first-class citizen and is to be treated in a similar way to any computing service. Microservice architects encourage data localization, in which data is kept close to the service that needs it, so the system can become less reliant on external databases. By avoiding shared and centralized databases, a microservice environment works only with the data available within the bounded context, thus ensuring autonomy and scale at the same time. Additionally, such a distributed storage design reduces the possibility of storage mechanisms becoming the “single points of failure (SPOFs).”
Security-wise, storing data can be very costly if you examine the risks involved. IBM and the Ponemon Institute publish an annual report detailing the average cost of a data breach for companies throughout the world, and as you can imagine, there are ...