Microservices Security landscape

Talk 1: Microservices Security landscape

Sagara Gunathunga – Principal Integration Consultant, IntegrationWorks.

Microservices architecture is becoming a prominent design principle and a service development methodology, we have now started to see many microservices in production. Yet, security is a less concerned aspect, most of the time development teams are much focus on edge security but due to distributed and disposable nature of microservices, it's equally important to pay attention to securing service-to-service communication both during the transmission and sharing end-user context among services in order to cover vast attack surface.

We will start this session discussing the unique challenges presented by microservices compare to securing monolithic applications, then move into discuss patterns and best practices used in edge security and sharing end-user context among microservices. Following that, we will cover techniques to secure service-to-service communication such as mTLS, JWT and Service Mesh sidecars. We will also discuss about open source projects like SPIFFE, SPIRE, and OPA that are becoming mainstream to address some of the key concerns in microservices security and how that can be used in containerised environments such as Kubernetes.

About The Speaker

Sagara is a Principal Integration Consultant at Integration Works focusing their integration offerings and also provides consultancy on designing and execution of integration & microservices strategies. Previously, he worked for WSO2 in the capacity of Director focusing their security offerings and leading Identity & Access Management team, during his stay he also provided consultancy to WSO2 clients including Fortune 100/500 companies.

Talk 2: Securing Cloud-Native - Is New Zealand prepared?

Ian Vanstone - Chief Technology and Information Security Officer, IntegrationWorks Global

Cloud-native approaches bring a wealth of new benefits for business but they can also lead to a larger attack surface and challenges related to governance, security-by-design, and observability. In this session, Ian encourages the audience to assess the maturity and readiness of the NZ tech sector to deliver secure solutions in an ever more dynamic technology world.