Microservices Security landscape

Talk 1: Digital Identity - The next Industrial Revolution is Privacy First

Martin Krafft - Chairman of the Board of Directors at Keyp GmbH · Angel Investor ·Edmund Hillary Fellow

Microservices leaders often evangelise about the benefits of transforming organisations from being classic, hierarchical, command and control structures to decentralised structures that enable personalised and local autonomy. Yet many microservices leaders still take a classic, centralised, and clunky approach to privacy and security - which restricts personal visibility and control. Martin is not going to evangelise about microservices(!), but he will expand your horizons on digital identity and decentralised service from a privacy-first perspective. He believes that decentralisation is the next industrial revolution

(that is if machine learning ever properly manages to claim 4.0) and hopes that his girls will grow up in a peer-to-peer digital world, in control of their privacy.

Talk 2: Microservices Security landscape

Sagara Gunathunga – Principal Integration Consultant, IntegrationWorks.

Microservices architecture is becoming a prominent design principle and a service development methodology, we have now started to see many microservices in production. Yet, security is a less concerned aspect, most of the time development teams are much focus on edge security but due to distributed and disposable nature of microservices, it's equally important to pay attention to securing service-to-service communication both during the transmission and sharing end-user context among services in order to cover vast attack surface.

We will start this session discussing the unique challenges presented by microservices compare to securing monolithic applications, then move into discuss patterns and best practices used in edge security and sharing end-user context among microservices. Following that, we will cover techniques to secure service-to-service communication such as mTLS, JWT and Service Mesh sidecars. We will also discuss about open source projects like SPIFFE, SPIRE, and OPA that are becoming mainstream to address some of the key concerns in microservices security and how that can be used in containerised environments such as Kubernetes.

About The Speaker

Sagara is a Principal Integration Consultant at Integration Works focusing their integration offerings and also provides consultancy on designing and execution of integration & microservices strategies. Previously, he worked for WSO2 in the capacity of Director focusing their security offerings and leading Identity & Access Management team, during his stay he also provided consultancy to WSO2 clients including Fortune 100/500 companies.