What are Microservices?
Microservices have been increasingly implemented in organizations. This increase in popularity can be attributed to the ease with which they move through a lifecycle allowing for efficient restart, scale-up, or scale-out of applications across clouds. However, these unique characteristics also mean there are distinct security ramifications which must be considered.
NIST Special Publication 800-180 defines a microservice as “a basic element that results from the architectural decomposition of an application’s components into loosely coupled patterns consisting of self-contained services that communicate with each other using a standard communications protocol and a set of well-defined APIs, independent of any vendor, product or technology.”
This blog, derived from CSA’s recently released microservices and containers micro-training course, further discusses the history of microservices and the definition of microservice architectures. You can dive deeper into microservices and containers by signing up for the micro-training course here.
History of Microservices
The earliest architecture for application systems is the monolith, where the entire application is designed to run as a single process and is hosted on a resource-intensive computing platform called the server. Although the application may be structured as different modules, a change in any module requires the recompilation and redeployment of the entire application.
The next evolution of the application architecture is the service oriented architecture (SOA). In SOA, the entire gamut of solutions supporting a business process are broken up into multiple components called services. This approach makes the development, maintenance, and deployment of the entire application easier, however it also requires resource-intensive middleware for services to work together in delivering the required solution.
The design of a microservices architecture is intended to address the limitations of SOA by enabling the individual microservices to communicate with each other using lightweight protocols such as representational state transfer (REST). Furthermore, the individual microservices can be developed in platforms best suited for them, allowing for heterogeneity and independent scalability due to loose coupling between individual microservices.
A microservice architecture consists of a set of microservices operating together as a “system of systems.” This architecture enables development agility and business flexibility by allowing services to independently evolve in response to business or technical needs. However, this architecture also introduces significant challenges, as the move to microservices for most organizations marks a significant shift from single-node system operations to a complex, multi-node “system of systems” distributed architecture.
Learn More About Microservices and Containers
CSA’s Microservices & Containers Fundamentals course is based on our microservices and containers research initiatives and related artifacts. It takes approximately one hour to complete. After completion, you receive a certificate for 1 course hour that may be submitted for possible CPE credits. The course includes:
- An overview of the history and evolution of microservices and containers
- An explanation of the differences between microservice, monolith, and SOA software models
- An explanation of the role of containers and their underlying technologies
- An overview of the security challenges and mitigation strategies associated with microservices and containers
This micro-training is a quick and easy way to build upon your cybersecurity knowledge and the ideas introduced in this blog. Learn more and register for the course here.
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.