MDB Weekly is a multi-format, weekly summary of information from the past week in Modern Digital Business. It's available as an article, an email newsletter, and as a LinkedIn newsletter. It will be published weekly on Mondays.
First Up: The Long March
On January 12, I was fortunate enough to be a panelist at Predict 2023, for a panel discussion titled “The Long March.” The panel was made up of several industry experts, and we discussed how to make Kubernetes more accessible to a larger group of companies, and the technologies needed to support mission-critical workloads in the data center and in less compute-intensive environments.
DevOps Unbound: What’s in Store for DevOps in 2023?
In the past couple of years, businesses have been leveraging DevOps to drive their digital and cloud transformations and enable rapid innovation. Now it’s time to look back at lessons learned and look forward into the future. With so much change happening in the industry, what does 2023 have in store for DevOps? What are the DevOps practices and technologies that will shape the future of business?
Mitch Ashley (Techstrong) is joined by our panel of experts: Parag Doshi (Tricentis), Lee Atchison (Atchison Technology), Hope Lynch (CloudBees), and Tim Banks (Dell), who share their predictions for the upcoming year and discuss the following topics: DevOps trends to watch in 2023; DevOps, SRE, and the future of software development; DevOps at the edge; the future of automated testing and DevOps; the state of cloud-native application development in 2023; the rise of citizen developers; how AI and ML are transforming DevOps; and more!
Last week’s top story: Keep microservices secure, even from themselves
Cloud-native applications make heavy use of services and microservice architectures. Distributed applications provide many benefits to modern application development processes, and lend themselves particularly well to applications deployed in the public cloud.
But microservices can also create additional and unwanted vulnerability points that bad actors can leverage to compromise your application. A single compromised service, no matter how small, can lead to vulnerabilities that can be exploited in neighboring services, ultimately compromising them as well. A single, small service can be the entry point to a massive attack that compromises your entire application.
Even if your services are in a private network—behind a cloud firewall—you should not assume the network is safe. Services within the application can still be compromised. And, like the infamous Trojan Horse, a compromised service in an otherwise secure network can cause untold damage to your application.
There are many things you can do to keep your service and microservices-based applications safe and secure. Here are two critical but often overlooked security strategies to keep microservices secure:
OVERLOOKED STRATEGY: AUTHENTICATE ALL COMMUNICATIONS BETWEEN SERVICES
In microservices-based applications, inter-service communications are crucial. But authentication between services is often deferred or ignored. After all, if you are inside a private, secure area (such as a cloud VPN), why do you need to authenticate communications between services? All the services are part of the same application and support each other. Why would you need to perform authentication on all requests in such an environment?
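One way a receiving service can authenticate every request from a peer, even inside a private network, shown as an added example that is not from the original article. The header names, service names, and keys are hypothetical and constructed for illustration; the scheme is a per-caller HMAC over the request with a timestamp and nonce to reject stale and replayed calls.

```python
import hashlib
import hmac
import time

# Constructed per-caller secrets (hypothetical); load real ones from a secrets manager.
SERVICE_KEYS = {"orders": b"constructed-orders-key", "billing": b"constructed-billing-key"}
MAX_SKEW_SECONDS = 30      # how far a request timestamp may drift from our clock
_seen_nonces = set()       # replay cache; a real service would expire entries


def _mac(key, caller, method, path, ts, nonce, body):
    # Bind the signature to who is calling, what is called, when, and the exact body.
    fields = [caller, method, path, ts, nonce, hashlib.sha256(body).hexdigest()]
    return hmac.new(key, "\n".join(fields).encode(), hashlib.sha256).hexdigest()


def sign_request(caller, method, path, body, nonce, now=None):
    """Caller side: build the authentication headers for one request."""
    ts = str(int(time.time() if now is None else now))
    sig = _mac(SERVICE_KEYS[caller], caller, method, path, ts, nonce, body)
    return {"X-Caller": caller, "X-Timestamp": ts, "X-Nonce": nonce, "X-Signature": sig}


def verify_request(headers, method, path, body, now=None):
    """Receiver side: return (True, caller) or (False, reason)."""
    caller = headers.get("X-Caller", "")
    key = SERVICE_KEYS.get(caller)
    if key is None:
        return False, "unknown caller"
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False, "bad timestamp"
    current = time.time() if now is None else now
    if abs(current - ts) > MAX_SKEW_SECONDS:
        return False, "stale request"
    nonce = headers.get("X-Nonce", "")
    expected = _mac(key, caller, method, path, str(ts), nonce, body)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), headers.get("X-Signature", "").encode()):
        return False, "bad signature"
    if (caller, nonce) in _seen_nonces:
        return False, "replayed request"
    _seen_nonces.add((caller, nonce))
    return True, caller
```

This authenticates the caller and protects request integrity only; it does not hide the payload, so sensitive data still needs an encrypted channel between the services.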
OVERLOOKED STRATEGY: ENCRYPT APPROPRIATE COMMS BETWEEN SERVICES
In every application there is sensitive data. This might be personally identifiable information (PII), account access credentials, customer data, financial data, or business-critical data of various forms. This data, if it were to be compromised by a bad actor, could be destructive to the business and its customers and employees.
To avoid this, whenever sensitive data is communicated from one service to another, the data needs to be sent over an encrypted data channel. This is true even if both services are inside a private network, even if access to the network is encrypted. The specific communications of sensitive data from one service to another need to be encrypted.
To understand this fully, read the full article in Container Journal.
Software Engineering Daily: Dev-first Kubernetes operations platform with Itiel Shwartz
Kubernetes is an open-source platform for automating the deployment, scaling, and management of containerized applications. The company Komodor started as a Kubernetes diagnostics platform focused on Kubernetes troubleshooting for the entire Kubernetes stack. More recently, Komodor is taking a step toward becoming a “single pane of glass” solution to simplify Kubernetes for developers. In the past, Komodor was more DevOps-focused, and it has made some significant changes in the product that will appeal more to the developer. Komodor is also entering into the cluster management space to compete with Lens.
Listen to my interview with Itiel Shwartz, co-founder and CTO of Komodor, on Software Engineering Daily.
Links for the week:
- Software Engineering Daily Interview
- The Long March
- DevOps Unbound
- Atchison Academy
- Book: Architecting for Scale