Secure Microservices in Ways That Developers Like
The number of services cloud providers offer has exploded over the past couple of years, potentially exposing an exponentially larger number of microservices, which support these services across multiple cloud and on-premises environments, to vulnerabilities.
In this episode of The New Stack Makers podcast, TJ (Tsion) Gonen, head of cloud security for security provider Check Point, puts microservices security in context and describes the critical role security tools play and the support that artificial intelligence (AI) and machine learning (ML) offer. Jack Wallen, a correspondent for The New Stack, hosted this episode.
In consideration of the explosion in network connectivity during the past few decades, the fact that networks continue to function is an amazing feat in and of itself, Gonen said. He compared today’s infrastructure to roadways that are getting much more traffic than they did when they were first built.
“If there were a billion more cars than there were 30 years ago, you would have a lot of road accidents and a lot of casualties,” said Gonen. With network security, “we’re still up, we’re still running, we’re still functioning [thanks to] a lot of security companies and cybersecurity technologies and some awareness.”
As the number of potential security threat vectors continues to proliferate at exponential rates, “by definition, more things are going to happen, because there are just more opportunities for things to happen,” Gonen said. “We’re still alive, we’re still walking, but there’s going to be more pain — there is going to be more than 100% more pain,” said Gonen. “I think there’s going to be more pain before it becomes better, but it’s just a natural evolution — there are more opportunities for bad things to happen.”
In many respects, using a cloud service without undertaking the proper security checks first is like “picking up a USB stick from the floor and plugging it into your server,” Gonen said. “You’re encouraged to move super fast, you’re encouraged to do these things, you’re encouraged to use all these services,” Gonen said.
As an example, when using microservices in the cloud, container permissions must be set. “Now as a developer, you have two options: one of them is to go and say, ‘okay, this container only needs access to this, that and that and this service only needs these four API calls’ — that’s one of your paths. The other one is to ‘allow all,’” said Gonen. The latter option is much easier, so which option would you guess is the one most used by busy developers?
“You can find technologies like what we provide that allows you to automate security from development to runtime while building trust with developers, giving them tools they like to use,” said Gonen. “You know how hard it is for security companies to wake up in the morning and say, ‘let’s build something developers like.’”