MIS603 Microservices Architecture Report: Challenges & Mitigation

Verified

Added on 2021/01/06

AI Summary

This report provides a comprehensive overview of microservices architecture, examining its advantages over monolithic systems, particularly in cloud applications. It delves into the various challenges encountered during microservices implementation, including complexities in application monitoring, debugging, and fault tolerance, as well as increased attack surfaces and logging issues. The report highlights the privacy and security risks associated with microservices, such as the potential for increased attack surfaces due to API communication, monitoring complexities, and testing challenges. Furthermore, it outlines several mitigation strategies to manage these risks, including slowing down attackers, implementing defense-in-depth strategies, utilizing API gateways, focusing on data and API security, and adopting DevSecOps practices. The conclusion emphasizes the growing popularity of microservices architecture, while acknowledging the need for proactive measures to address its inherent security and privacy challenges. The report is contributed by a student and available on Desklib, which offers past papers and solved assignments for students.

MIS603
Micro services Architecture
Title-
Student Name-
Student Number -
Lecturer’s Name-
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Introduction
The shifting to microservices architecture from monolithic has been incredible. It is a naturally adopted solution in
place of monolithic system (Almeida, et.al., 2017).
2

It emerged as effective and efficient architecture design for applications and contributes in the development of
application and made up of using different type of languages. It is widely used for the cloud applications by the
software development teams (Torvekar & Game, 2019). Modules of monolith software application cannot be
implemented alone that’s why it was difficult to maintain and reuse it. There are some challenges of monolithic
architecture which are complexity while coding, deployment was constraint, failure of dependencies, hard to
maintain (S & G.V, 2017). According to (Alshuqayran, Ali, & Evans, n.d.), recent evolution of micoservices architecture
helps online service provider in maintenance and expandable demand. Microservices architecture is used for building
independent, highly flexible, and decentralized to make the work easier. In this one application is based on different-
different microservices which perform one work of application independently (S & G.V, 2017).
In this report I aim at identifying various issues and challenges which are related with micoservice architecture. I will
also provide the main reasons for the challenges in micoservice architecture and what are the various mitigation
strategies which can be implemented to reduce the privacy and security risk in microservices architecture. I have
studied some of the research work done in this filed and it provides me more insights about the application of
microservices architecture.
Issues and challenges in microservices architecture
There are various challenges faced by the organization while implementing microservice architecture. Not all
organizations get equal amount of benefit from microservice architecture. Organizations which deal in ICT services
may easily get advantages of microservice architecture. Many traditional IT company is still struggling in overcoming
the organizational challenges in adopting microservice architecture (Baskarada, Nguyen, & Koronios, 2018).
During my study I have identified these challenges and discussed below as follows:-
 Complexity of application
 Monitoring of health and debugging will be difficult (Arroyo, 2017).
 More surface for attack
 Poor analysis of log
 No proper testing
 Low fault tolerance
However, there are various advantages of implementing microservice architecture that it provides chance of
delivering the project efficiently and more swiftly. It is easy to maintain the software because of simplified
configuration. With the help of microservice architecture application of organizations will be more scalable,
organizations can use many languages in their application, increase the revenue and efficiency of the organization
(Arroyo, 2017). It has so many advantages as compared to monolithic architecture, such as agility, resiliency, ease of
scaling through the microservices (Almeida, et.al., 2017).
3

Privacy issues due to above mentioned challenges
Although microservice architecture helps organization in meeting their needs it also creates privacy issues while
adopting it and developers have no choice left they have to address those issues. The top five privacy issues which is
faced by the organization while implementing microservices architecture are as follows-
Figure 1- Privacy and security issues
 Due to greater complexity it gets surface area for attack – with the help of microservices architecture an
application security is transformed. Communication with each other is done via API (Application
programming interfaces). Due to this they have more surface area that’s why there are chances of potential
attacks which developer should address as soon as possible (Robinson, 2015).
 Stress of monitoring – It is also a problem in microservices. Whenever new service enters in system, it
becomes challenging to maintain and monitor them. There will be requirement of automation to monitor the
changes in affected services (Kong, 2019).
 Fault tolerance- It is much more difficult in microservices architecture than monolithic system to understand
fault tolerance. Microservices must be capable to manage the service failures and other timeout related
problems. Because these type of service failures can affect rest of the services (Kong, 2019).
 Logging – Micoservice architecture based applications are developed with heterogeneous technologies. All
logs are not in same format. Developer team must create a system for mass logs so that no security issue
arises (Kanjilal, 2020).
4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

 Testing- In microservice services are independent so developers can deploy and manage the services without
rigorous testing. In testing phase all the security risk is detected (Kanjilal, 2020).
 Due to dynamic environment, rapid changes in applications.
Mitigation strategies to manage risk
These privacy and security risks can be managed with various mitigation strategies and developers can adopt all of
them while developing an application.
Figure 2- Mitigation strategies to manage risk
 Slow down the attackers - If somebody tries to attack application programming interface number of times,
they will need some time to confirm their username and password successfully. Developers can slowdown
this process to protect endpoints of an application. For this purpose various approaches can be use such as
rate limits, like attackers can only make three attempts in per minute, which will help in preventing attacks to
system. Within an application programming interface gateway rate limiting can be used in code. The security
team and developer’s team must work jointly to figure out how to regularly monitor the application from
potential threats. For this purpose various monitoring tools can be used such as Prometheus and InfluxDB
which will help in monitoring process. Moreover, continuously updating codes are crucial. Security team and
DevOps team must work together to examine code and avoid any type of unauthorized access in the
application (Okta, n.d.).
5

 Exercise the defense-in-depth strategy- In this strategy there are so many number of layers of security
control are set up in an application. If a potential attacker tries to exploit one of micoservices than sensitive
services will obtain layers of security and he or she will not be able to attack other microservice or any other
layers of microservice based application. The developer should not depend on only one single security
measure; they should apply all the security instruments to construct the security layers to avoid potential
attacker. For instance, if any company already have strong firewall network in their application, still they
should ensure all other security measures are taken properly and to detect unusual behaviour the developer
should maintain a monitoring layer (Kanjilal, 2020).
 Always use application programming interface gateway- An API gateway should be used to give a particular
point of access for the traffic to avoid direct communication between service consumers and microservices
and it will directs customers to different-different microservices. To handle data privileges of services and
application programming interface gateways frequently use token for authentication purpose. Because
customers can’t directly use the services, they are not able to influence or exploit the services. Developers
can put layer of security for the protection if they are using application programming interface gateway
before a firewall. It will ensure that microservices in an application are secure (Kanjilal, 2020).
 Focus more on data and application programming interface security- Microservices communicate with each
other by the use of application programming interface and data packets. It ensures data is encrypted and
maintains security of certificates. Furthermore, only authorized users must have authority to application
programming interface application programming interface. This can handle by providing access on need basis
to resources.
 Implement DevSecOps strategies – Deploying right technology for security of microservices based
application is just not enough. For successful implementation of microservices, both operation as well as
development team must come together with the idea of DevOps. In addition, they should know how to
diminish privacy and security risks while implementing microservices architecture (Kanjilal, 2020).
 Developer should make their microservice architecture based application secure by design.
Conclusion
In the end I would like to conclude that microservice is a preferred architecture design and it is not just use in cloud
applications. Microservices architecture is latest trend which has gained popularity over a period of time. It is used in
place of monolithic system. Further, findings of my study show that there are various challenges faced by a
developer team in using microservice architecture which are when data increases it is a complex task to maintain and
6

process them and other challenges are more attack surface, inadequate log analysis, no proper testing and fault
tolerance. Despite of many challenges there are so many advantages of adopting microservice architecture such as
more agility, resiliency, and effectiveness and so on. Although adoption of microservices architecture in the
organization brings so many benefits to the organization but it create so many security and privacy risk along with
them while adoption. However, these issues can be managed by following various mitigation strategies such as
slowdown of attackers, using defence-in-depth strategies, using API gateway, and focus on API security and so on.
References
Almeida, H. C., Monteiro, L. d., Hazin, R. R., Lima, A. C., & Ferraz, F. S. (2017). Survey on Microservice Architecture -
Security, Privacy and Standardization on Cloud Computing Environment. The Twelfth International Conference on
Software Engineering Advances, (pp. 199-205). Washington.
Alshuqayran, N., Ali, N., & Evans, R. (n.d.). A Systematic Mapping Study in Microservice Architecture. 1-8.
Arroyo, J. (2017). Advantages and challenges of moving from a monolithic architecture to microservices. Retrieved
from Arroyo Labs: https://www.arroyolabs.com/insights/advantages-and-challenges-of-moving-from-a-monolithic-
7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

architecture-to-microservices/
Baskarada, S., Nguyen, V., & Koronios, A. (2018). Architecting Microservices: Practical Opportunitiesand Challenges.
Journal of Computer Information Systems , 1-9.
Kanjilal, J. (2020). 4 fundamental microservices security best practices. Retrieved from SearchApp Architecture:
https://searchapparchitecture.techtarget.com/tip/4-fundamental-microservices-security-best-practices
Kong. (2019). 10 Ways Microservices Create New Security Challenges. Retrieved from Kong:
https://konghq.com/blog/10-ways-microservices-create-new-security-challenges/
Okta. (n.d.). 8 Ways to Secure Your Microservices Architecture. Retrieved from Okta:
https://www.okta.com/resources/whitepaper/8-ways-to-secure-your-microservices-architecture/
Robinson, R. M. (2015). Microservices Are Powerful, but Pose New Security Challenges. Retrieved from
SecurityIntelligence : https://securityintelligence.com/microservices-are-powerful-but-pose-new-security-
challenges/
S, P., & G.V, S. (2017). Microservices Architecture. International Research Journal of Computer Science , 5 (4), 65-69.
Torvekar, N., & Game, P. S. (2019). Microservices and It's Applications : An Overview. International Journal of
Computer Sciences and Engineering , 7 (4), 803-809.
8