
MIS603 Microservices Architecture

Assessment Title: (Privacy and Security Report)

Student Name: Abdul Mateen Azhar Cheema


Student ID: 00324625T
Lecturer Name: Neda & Bahareh Ghodoosi

Introduction:
Microservices is an architectural approach in which an application is designed as several
small, independent services. It is one of the latest approaches and is used by many companies
worldwide. Although this approach has countless advantages, it also has drawbacks. Companies
face many challenges and issues when using this method for software development, and these
issues need to be highlighted so that solutions can be found. This report discusses different
challenges and privacy issues, along with the reasons these kinds of issues occur. Many reasons
are discussed which are considered the main causes of these challenges and issues.
There is also a need to reduce risk and its impacts. Different risk mitigation strategies
are highlighted in this report, and the concept is elaborated with the help of two figures.
These strategies are used to reduce the impact of risks and to manage the risks to both
security and privacy. DevOps also plays a key role in the risk mitigation process, and its
importance is discussed briefly. At the end of the report, different options are given which
are essential when reducing risk impacts or discussing risk mitigation strategies.

Issues and Challenges:


Certain issues occur when Microservices is used as a software development approach.
There is very little repeatable empirical research on this architecture. The architecture has
a lot of moving parts, which makes it very complex. This issue requires a lot of effort and
careful planning so that the complex architecture can be simplified. This style requires
cultural changes, which is also one of its issues (Taibi, Lenarduzzi, Pahl, & Janes, 2017).
Another issue is the cost of this architecture: it is more costly than other traditional
approaches. Security also requires attention in this architecture.
Applications that are Microservices based face five big challenges, which are discussed
here (Besic, 2019):

1. Infrastructure Design and Multi-Cloud Deployment:

This architecture is distributed across many data centers, cloud providers, etc. This
becomes a challenge because the visibility of application components and the loss of control
must be checked and controlled in this architecture.

2. Segmentation & Isolation:


In this architecture, components communicate with each other through different
infrastructure layers. Sometimes cross-service communication is skipped during testing,
which creates a challenge of significant exposure between the service interfaces.

3. Identity Management & Access Control:


This architecture introduces new entry points for all of the internal and external actors,
so there is a high need to regulate access control. It is very challenging to have an
administrative interface in the architecture that can manage users, applications, groups,
etc.

4. Data Management:
The data in this architecture is always in motion. It is stored in several different
places which serve different purposes. Securing the data against leakage is a major
challenge. It is important to protect data from malicious actors so that they cannot break
into private assets.

5. Rapid Rate of Application Changes:


In this architecture, many rapid development strategies are used. These push for
incremental and iterative development. It is challenging to protect the application and
reduce its attack surface because Microservices require non-trivial and ready-made
solutions.

Privacy Issues:
Besides other issues, this architecture also has some privacy issues. These issues must be
resolved on an urgent basis, as this architecture cannot compromise on the privacy of the
users of the developed applications. In this architecture, different teams and groups manage
different functions within the application, and this has a significant impact on privacy.
If the application gets access to the private data of the user, then it is the
responsibility of the application to make sure that the data does not leak and does not fall
into the wrong hands. There is a high need to design a privacy framework so that data and
privacy are assured to users. This architecture needs to follow the CIA (confidentiality,
integrity and availability) triangle.
Another privacy issue is the breakdown of the application into multiple components. This
prevents an increase in the organization's attack surface. The system needs to use the
defense in depth method in order to prioritize the key services and prevent privacy issues.
The system is required to use automatic system updates so that issues can be detected at an
early stage. One should avoid writing one's own crypto code in order to be more secure.
Another option for avoiding privacy issues is the use of distributed firewalls with
centralized controls.

Reasons of these Issues:


The requirement for cultural change is an issue of this architecture. The reason behind
this issue is that the architecture requires decision-making power to be shifted among all
of the team members.
The cost of this architecture is very high. The reason behind this issue is that the
architecture contains different small independent services which communicate with each
other through remote calls.
The security issue raised in this architecture also has a reason behind it. The modules
of the architecture exchange data in high volume, and this causes security threats.

Risk Mitigation Strategies:


In order to minimise privacy and security risks in a microservices architecture, there is
a need to look towards Risk Mitigation Strategies. In microservices-architected
environments, these strategies play a very important role, as they reduce the impact of
risks and failures in the architecture. They provide solid solutions to the problems that
occur in the architecture. The four basic strategies of risk mitigation are risk avoidance,
risk acceptance, risk transference and risk limitation. In the context of Microservices
Architecture, the risk mitigation strategies play a key role in managing the risks to both
privacy and security. Exposure contributes a lot to the vulnerability of the system (Menoni,
Molinari, Parker, Ballio, & Tapsell, 2012). When these strategies are implemented in the
system, we expect the system to be more resilient, to have lower downtime, to have good
coverage of the edge cases in the system, etc.

DevOps has a significant role in risk assessment. Managers make sure that all of the risk
management strategies are always up to date. Figure 1 below gives a rough idea of how these
strategies work in order to identify the risks and then reduce their impact.

Figure 1. Risk Management with Microservices and DevOps (Lohani, 2016)

When discussing the mitigation strategies, there is also a need to highlight the
importance of these strategies in the system. During risk mitigation, the probability of
occurrence and the severity of the consequence of the risk are considered. Figure 2 shows
general guidelines for applying risk mitigation.

Figure 2. Risk Mitigation Handling Option (“MITRE”, n.d.)

The above figure makes clear that the options for handling risk mitigation include:
1. Acceptance of the risk
2. Avoidance of the risk
3. Control of the risk
4. Transfer of the risk
5. Monitoring of the risk
All of these options are essential when reducing the impact of the risks in the system.
Each option requires a proper plan in order to be implemented in the system. Below is a
list of some common risk mitigation options which many companies or architectures may adopt
to reduce risk impacts:
1. Technical and critical reviews of the engineering process of Microservices Architecture.
2. The oversight of component engineering for Microservices Architecture.
3. The analysis and test of critical design items in Microservices Architecture.
4. The fast prototyping and test feedback in Microservices Architecture.
5. Consideration of critical design requirements for Microservices Architecture.
6. Initiation of developments in Microservices Architecture.

Conclusion:
In conclusion, it has been shown that shifting from a Monolithic Architecture to a
Microservices Architecture gives rise to many issues. These issues can be resolved with the
help of proper planning and resources. In order to resolve all such issues, the system needs
proper implementation of strategies. When working with Microservices architecture, there
are many issues which may lead to large failures in the company or organisation. The users
of this architecture face many challenges. Each challenge needs to be resolved on an urgent
basis so that the architecture may continue to be successful.
Finally, it is important to talk about the risk mitigation strategies, as they play a
significant part in the reduction of risks. Every risk and its likelihood is a great threat
to the company and the system itself. Implementing these risk mitigation strategies requires
proper planning and a road map. The system can adopt the CIA triangle for resolving the
privacy and security issues. Several options are discussed above which are vital in the
context of reducing the impact of any risk that has occurred or is likely to occur.

References

Besic, N. (2019, October 16). The Top 5 Challenges of Microservices Security. NeuraLegion.
Retrieved from https://www.neuralegion.com/blog/the-top-5-challenges-of-microservices-security/

Lohani, R. (2016). Risk Management with Microservices and DevOps. Retrieved from
https://www.linkedin.com/pulse/risk-management-microservices-devops-rachit-lohani

Menoni, S., Molinari, D., Parker, D., Ballio, F., & Tapsell, S. (2012). Assessing multifaceted
vulnerability and resilience in order to design risk-mitigation strategies. Natural Hazards, 64(3),
2057-2082. Retrieved from https://d1wqtxts1xzle7.cloudfront.net/46511598/s11069-012-
0134-420160615-5310-1687alm.pdf?1466004249=&response-content-disposition=inline
%3B+filename
%3DAssessing_multifaceted_vulnerability_and.pdf&Expires=1611403409&Signature=NgxH5IE
QUpc6eQ8tJRBXIhNOlM4mevWWSsgmnwZLW1S0TPYb7fpAx3SQePHEtpeHN-
T00Dv5d3LtWZLnY-Lpm~TW4-vAcDUO5glZRkDjGprCt7KI8p-F-SPIgYqD-
S4cJTFy4sfIvXA3ACDZRmd-
77fUvWG1auD7OZDzYV~nC9Tnuvjyv04RKSe2kfEDHmSn1EZJAR17eskgYNgFsJoJvkb9wUx~vjuA
QCazKw4B9HBQuXXxQK5I98y7nU32iPO4lmSDBotrkCr~cvG0Px08urSY2rLWzAtMqnbHwbepo5
Ul3yz-FuNe0uaMBbwk0x8IYEWCpvr-6yfMHukRI6BozA__&Key-Pair-
Id=APKAJLOHF5GGSLRBV4ZA

MITRE [image]. (n.d.). Retrieved from
https://www.mitre.org/publications/systems-engineering-guide/acquisition-systems-engineering/risk-management/risk-mitigation-planning-implementation-and-progress-monitoring

Taibi, D., Lenarduzzi, V., Pahl, C., & Janes, A. (2017, May). Microservices in agile software
development: a workshop-based study into issues, advantages, and disadvantages.
In Proceedings of the XP2017 Scientific Workshops (pp. 1-5). Retrieved from
https://d1wqtxts1xzle7.cloudfront.net/54607525/Microservices_in_Agile_Software_Develop
ment_a_Workshop-Based_Study_into_Issues_Advantages_and_Disadvantages.pdf?
1507017172=&response-content-disposition=inline%3B+filename
%3DMicroservices_in_Agile_Software_Developm.pdf&Expires=1607945371&Signature=BLCnZ
xFZeZJBX1NS0RsO1K~gcQI3o7Cr~HPlnmKpOfEUTvqMkdJH1pQpbdsGiA0IDcaHCGCWyeL30PM
vA9y5d9I1ARryVpggf2YajsSKKcsEXGpkbHN9euQk0kkhi5Iin2pQIBLh3zCpU5a-
A62gFFYZu2aqLDtTOivkaulo1HQFuLjULfK~WWFaAFm3jW8exRCui88WvqSDfinIQB6U-
omeH9ikwxjx40or7qWxndoggNMZc6ypSKVjt8O34Le7OMMI6VSnMYG7RBHTdhd6wXioZE8a1a
-2LRlkGbv-ENCfdFgIiVqpELDtMIC9sdtR8unx-JyQVEQfvnnYjegZaQ__&Key-Pair-
Id=APKAJLOHF5GGSLRBV4ZA
