Microgateways: Zero Trust Security for the Microservices World

According to a recent Forrester report, The Future Of Identity And Access Management, microservices-based IAM is fast replacing complex and monolithic legacy solutions. Why? Microservices- and API-based solutions show faster time-to-value, provide flexibility for changing requirements, and support mobile and IoT technologies.

New business models based on the ability to monetize APIs (i.e. charge for usage) make APIs and microservices accessible to broader audiences and create new revenue streams, while opening businesses to additional risk. One approach to mitigating the risks associated with the monetization of APIs and microservices is the use of fine-grained authentication and authorization. But how can development teams incorporate sophisticated security without adding layers of complexity?

In a recent ForgeRock and KuppingerCole webcast, we discussed one of the key trends we see in DevOps: externalizing microservices security. By externalizing security you benefit from a security strategy that’s simple, consistent, and adaptable, freeing up much-needed resources.

Microservices and microgateways can run in multiple containers to form a single unit of deployment – effectively building a zero trust model. Unlike traditional API gateways, they can be co-located and share resources, such as network or storage.



In the zero trust model, DevOps is king!

A gateway needs to support the deployment and scalability of your microservice (e.g. having the ability to run your microservice in Docker and be deployable by Kubernetes). Microgateways are a flexible deployment model that enables you to efficiently drive changes through your continuous integration and continuous delivery (CI/CD) pipeline, from development to production.

With microgateways as a microservices security solution, you can securely innovate and keep up with your ever-changing business needs.

To learn how to deploy the ForgeRock Identity Gateway as a microgateway with Docker and Kubernetes, see the ForgeRock Identity Gateway DevOps Guide and the ForgeRock Identity Platform DevOps Guide.
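The co-location described above, sketched as a Kubernetes manifest. This is an added example, not taken from the ForgeRock guides or product; the image names, ports, and the UPSTREAM_URL and LISTEN_ADDR settings are hypothetical placeholders.

```yaml
# Added example: image names, ports and env var names are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: orders
spec:
  selector:
    matchLabels: {app: orders}
  template:
    metadata:
      labels: {app: orders}
    spec:
      containers:
        - name: microgateway              # validates tokens, enforces authorization
          image: registry.example.com/microgateway:PLACEHOLDER
          ports:
            - name: gw-https
              containerPort: 8443         # the only port exposed outside the pod
          env:
            - name: UPSTREAM_URL          # hypothetical: where the gateway forwards
              value: "http://127.0.0.1:9000"
        - name: orders-service            # carries no token-handling code
          image: registry.example.com/orders:PLACEHOLDER
          env:
            - name: LISTEN_ADDR           # hypothetical: bind to loopback only
              value: "127.0.0.1:9000"
---
apiVersion: v1
kind: Service
metadata:
  name: orders
spec:
  selector: {app: orders}
  ports:
    - port: 443
      targetPort: gw-https                # traffic reaches the gateway, never port 9000
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: orders-gateway-only
spec:
  podSelector:
    matchLabels: {app: orders}
  policyTypes: [Ingress]
  ingress:
    - ports:                              # no "from": any source, but this port only
        - protocol: TCP
          port: 8443
```

Because containers in a pod share one network namespace, a microservice that listens on all interfaces remains reachable on the pod IP regardless of the Service definition; the loopback bind and the NetworkPolicy (which takes effect only with a network plugin that enforces it) keep the microgateway as the only entry point.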

Key characteristics of a sound microservices security strategy

Simplicity: Microservices are single-purpose programs. Any non-relevant functionality should be moved elsewhere, or developed separately. Programmatic security in the microservice can create an overload. Adding token caching and validation to each individual microservice creates bottlenecks and reduces scalability.

Consistency: A strong security strategy is replicable and consistent in its deployment. Adopt reliable procedures that are well understood, tested, and certified.

Modernizing: Microservices won’t replace monolithic infrastructures overnight. A gateway needs to integrate existing infrastructure with modern services, and apply request and response transformations when necessary.

Adaptable: A token type and procedure may be sufficient today, but what about tomorrow? You may need to evolve from OAuth2 to OAuth2 with Proof-of-Possession or another type of protocol. An adaptable solution allows for changes to authentication and authorization methods without the need to touch individual microservices.

Who Is Joachim Andres?

As Product Management Director with 21 years of experience in the identity industry, Joachim helps organizations bridge their business to modern digital identity, and make the journey an easy downhill ride. In his leisure time, however, Joachim enjoys the challenge of cycling uphill.
