Professional Documents
Culture Documents
MIS603 Microservices Architecture Assessment Tittle: (Privacy and Security Report)
MIS603 Microservices Architecture Assessment Tittle: (Privacy and Security Report)
Page 1 of 8
Introduction:
Microservices is basically an architecture or approach which is used to design applications
in the form of several independent small services. This is one of the latest approach which is
used by many companies worldwide. Where there are countless advantages of this approach,
there are also its drawbacks. Companies face many challenges and issues while using this
method for software development. There is need to highlight those issues so that any solution
is made. In this report, different challenges and privacy issues are discussed. The reasons
behind the occurrence of these kind of issues are also written in this report. Many reasons are
discussed which are considered as the main cause of these challenges and issues.
There is also need of reduction of risk and its impacts. Different risk mitigation
strategies are highlighted in this report. This concept is elaborated with the help of two figures.
These strategies are used to reduce the impact of risks and to manage the risks for both the
security and the privacy. DevOps are also playing key role in risk mitigation process. There
importance is also discussed briefly. At the end of the report, different options are given which
are essential while dealing with the reduction of risk impacts or while talking about the risk
mitigation strategies.
Page 2 of 8
This architecture is distributed in many data centers and cloud providers etc. This
becomes a challenge as the visibility of application components and the loss of control must be
checked and controlled in this architecture.
4. Data Management:
The data in this architecture is always in moving state. It is stored at several different
places which have different purposes. There is a very high challenge to secure the data from
leakage. It is important to protect data from malicious actors so that they can’t break into
private assets.
Privacy Issues:
Besides other issues, there are also some privacy issues of this architecture. These issues
must need to be resolved on urgent bases as this architecture cannot compromise on the
privacy of its users of developed applications. In this architecture, different teams and groups
manage different functions within the application and this has a significant impact on the
privacy issue. If the application gets access to the private data of the user then it is the
responsibility of the application to make sure that the data do not leak and do not go in wrong
Page 3 of 8
hands. There is high need of designing the privacy framework so that data and privacy is
assured to users. This architecture needs to follow the CIA (confidentiality, integrity and
availability) triangle.
Another privacy issue is the breakdown of the application into multiple
components. This prevents from increase of organization’s attack surface. The system need to
use defense in depth method in order to prioritize the key services and prevent the privacy
issues. System is required to use automatic system updates so that the issue can be detected
on early stages. One should avoid writing their own crypto code in order to be more secure.
Another option to avoid privacy issue are the usage of distributed firewalls with centralized
controls.
Page 4 of 8
DevOps have a significant role in the risk assessment. Managers make sure that all of the
risk management strategies are always up-to-date. Below in the Figure 1, there is a rough idea
of how these strategies work in order to identify the risks and then reduce its impact.
While talking about the mitigation strategies, there is also need to highlight the
importance of these strategies in the system. During risk mitigation, the probability of
occurrence and severity of the consequence for the risk is considered. As shown in Figure 2,
there are general guidelines for applying risk mitigation.
Page 5 of 8
Figure 2. Risk Mitigation Handling Option (“MITRE”, n.d.)
In the above figure, it is clear that the options for handling of risk mitigation includes:
1. Acceptance of the risk
2. Avoidance of the risks
3. Control of the risk
4. Transferring of the risk
5. Monitoring of the risk.
These all option are essential while reducing the impact of the risks in the system.
Each and every option requires a proper plan in order to implement them in the system. Below
is a list of some common risk mitigation options which many companies or architectures may
adopt to reduce the risk impacts:
1. Technical and critical reviews of the engineering process of Microservices Architecture.
2. The oversight of component engineering for Microservices Architecture.
3. The analysis and test of critical design items in Microservices Architecture.
4. The fast prototyping and test feedback in Microservices Architecture.
5. Consideration of critical design requirements for Microservices Architecture.
6. Initiation of developments in Microservices Architecture.
Conclusion:
In the end, it is proved that in order to shift from Monolithic Architecture towards the
Microservices Architecture, there are many issues which are occurred. These issues can be
resolved with the help of proper planning and resources. In order to resolve all kinds of such
issues, the system needs proper implementation of strategies. While working with
Microservices architecture, there are many issues which may lead to large failures in the
Page 6 of 8
company or organisation. Many challenges are faced by the users of this architecture. Each
challenge needs to be resolved on urgent bases so that the architecture may continue to be
successful.
At last it is important to talk about the risk mitigation strategies as they have a significant
part in the reduction of the risks. Every risk and its likelihood is a great threat to the company
and the system itself. For the implementation of these risk mitigation strategies there is need
to have a proper planning and a road map. The system can adopt the CIA triangle for resolving
the privacy and security issues. Several options are discussed above which are vital in context
of reducing the impact of any risk occurred or any risk which is likely to be occurred.
References
Page 7 of 8
Besic, N. (2019, October 16). the Top 5 Challenges of Microservices Security. NeuraLegion.
Retrieved from https://www.neuralegion.com/blog/the-top-5-challenges-of-microservices-
security/
Lohani, R. (2016). Risk Management with Microservices and DevOps. Retrieved from
https://www.linkedin.com/pulse/risk-management-microservices-devops-rachit-lohani
Menoni, S., Molinari, D., Parker, D., Ballio, F., & Tapsell, S. (2012). Assessing multifaceted
vulnerability and resilience in order to design risk-mitigation strategies. Natural Hazards, 64(3),
2057-2082. Retrieved from https://d1wqtxts1xzle7.cloudfront.net/46511598/s11069-012-
0134-420160615-5310-1687alm.pdf?1466004249=&response-content-disposition=inline
%3B+filename
%3DAssessing_multifaceted_vulnerability_and.pdf&Expires=1611403409&Signature=NgxH5IE
QUpc6eQ8tJRBXIhNOlM4mevWWSsgmnwZLW1S0TPYb7fpAx3SQePHEtpeHN-
T00Dv5d3LtWZLnY-Lpm~TW4-vAcDUO5glZRkDjGprCt7KI8p-F-SPIgYqD-
S4cJTFy4sfIvXA3ACDZRmd-
77fUvWG1auD7OZDzYV~nC9Tnuvjyv04RKSe2kfEDHmSn1EZJAR17eskgYNgFsJoJvkb9wUx~vjuA
QCazKw4B9HBQuXXxQK5I98y7nU32iPO4lmSDBotrkCr~cvG0Px08urSY2rLWzAtMqnbHwbepo5
Ul3yz-FuNe0uaMBbwk0x8IYEWCpvr-6yfMHukRI6BozA__&Key-Pair-
Id=APKAJLOHF5GGSLRBV4ZA
Taibi, D., Lenarduzzi, V., Pahl, C., & Janes, A. (2017, May). Microservices in agile software
development: a workshop-based study into issues, advantages, and disadvantages.
In Proceedings of the XP2017 Scientific Workshops (pp. 1-5). Retrieved from
https://d1wqtxts1xzle7.cloudfront.net/54607525/Microservices_in_Agile_Software_Develop
ment_a_Workshop-Based_Study_into_Issues_Advantages_and_Disadvantages.pdf?
1507017172=&response-content-disposition=inline%3B+filename
%3DMicroservices_in_Agile_Software_Developm.pdf&Expires=1607945371&Signature=BLCnZ
xFZeZJBX1NS0RsO1K~gcQI3o7Cr~HPlnmKpOfEUTvqMkdJH1pQpbdsGiA0IDcaHCGCWyeL30PM
vA9y5d9I1ARryVpggf2YajsSKKcsEXGpkbHN9euQk0kkhi5Iin2pQIBLh3zCpU5a-
A62gFFYZu2aqLDtTOivkaulo1HQFuLjULfK~WWFaAFm3jW8exRCui88WvqSDfinIQB6U-
omeH9ikwxjx40or7qWxndoggNMZc6ypSKVjt8O34Le7OMMI6VSnMYG7RBHTdhd6wXioZE8a1a
-2LRlkGbv-ENCfdFgIiVqpELDtMIC9sdtR8unx-JyQVEQfvnnYjegZaQ__&Key-Pair-
Id=APKAJLOHF5GGSLRBV4ZA
Page 8 of 8