Securing Federated Microservices

The growth of microservices and microservice architecture to provide flexible, rapid development of business-oriented services has led to componentization of SOA-based services as opposed to monolithic applications. Yet microservices are independent, deployable components of limited scope, bundled together in a federated architecture to “form” different applications and satisfy different business needs, and their growth has created issues related to securing data and providing privacy protections.

API Gateways and other products manage access control using predominantly REST/OAuth-based protocols. Yet fine-grained access control at the data element level is not generally possible. Furthermore, many enterprises have multiple platforms and environments driven by evolution and acquisition. These may include multiple IdAM products and policies across the enterprise and multiple API Gateways, and they must support hybrid storage and data environments (in-house and cloud).

Preventing breach or backdoor access requires access control policies to be unified across this federated API/microservice environment, both within the enterprise and cross-enterprise. This also facilitates centralizing access control decisions using policies that are non-proprietary and independent of the COTS enforcement technologies/products. Unifying/harmonizing policies also requires interoperability between the various enforcement protocols and the authorization mechanism.

ESC’s Hybrid Authorization Control System (HACS) allows a unified, centralized security environment to be created that provides fine-grained Attribute-Based Access Control (ABAC) across your microservice architecture and bridges proprietary policies and protocols. It creates a common security fabric using a single authentication within various authorization frameworks. When coupled with our Security Labeling Service (SLS), it allows push-based automated routing of information across an enterprise and between enterprises using different security protocols.