The world is moving toward microservices-based applications. Service mesh is emerging as one of the main architectures for deploying and managing microservices environments, because of the benefits it brings: advanced traffic management, holistic observability and better security. Microservices communicate with each other through APIs, so securing the communication between individual services has become more important than ever and has to be addressed.

Mutual TLS (mTLS) secures communication between microservices in a service mesh. It uses cryptographically secure techniques to mutually authenticate individual microservices and encrypt the traffic between them.

Why mTLS?

According to Google, 90% of internet traffic is encrypted to prevent eavesdropping and man-in-the-middle attacks. Yet many cloud-native application deployments today do not encrypt communications between microservices, based on the weak assumption that traffic inside the cluster is secure and not susceptible to attacks. This is a risky assumption. Not only should communications between microservices be secured, but many regulations (like GDPR and HIPAA) also recommend end-to-end encryption to protect all data in transit.

In this era of zero-trust security, each individual microservice communication (request-response) must be authenticated, authorized and encrypted. Here’s why:

  • Authentication uniquely identifies each microservice and ensures that a rogue microservice cannot access your sensitive data.
  • Authorization determines which microservices can communicate with each other. You wouldn’t want the microservice that handles your company’s credit card processing to communicate with the microservice that manages the door badge reader for your office building.
  • Encryption not only prevents third parties from intercepting and viewing your data in transit, but also thwarts man-in-the-middle attacks. You definitely don’t want credit card data to be visible to unauthorized entities on the network.

As companies move towards zero-trust security, mTLS provides a cryptographically secure way to authenticate, encrypt and enforce communication policies between microservices.
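As an added example (not code from the original post), the following self-contained Go program puts the three properties above into practice on a single machine: a constructed mesh CA issues workload certificates, the card-processor service requires a client certificate that chains to that CA (authentication), the verified identity is checked against a constructed allow-list before any data flows (authorization), and the connection itself is TLS-encrypted. The service names mesh-ca, card-processor, checkout and badge-reader, and the policy itself, are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// issue generates an Ed25519 key and certificate for name; parent == nil yields a self-signed CA.
func issue(name string, ca bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (tls.Certificate, *x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), DNSNames: []string{name},
		IsCA: ca, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	if parent == nil { parent, pkey = tmpl, key } // self-signed root
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, cert, key
}

// Constructed mesh CA (every workload cert must chain to it) and constructed policy: card-processor accepts "checkout" only.
var _, meshCA, meshKey = issue("mesh-ca", true, nil, nil)
var allowedCallers = map[string]bool{"checkout": true}

// callCardProcessor serves card-processor over mTLS on loopback and connects with clientCert; it returns nil
// only when both peers verify each other AND policy allows the caller's verified identity.
func callCardProcessor(clientCert tls.Certificate) error {
	serverCert, _, _ := issue("card-processor", false, meshCA, meshKey)
	pool := x509.NewCertPool(); pool.AddCert(meshCA)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{serverCert},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool, // authentication: cert must chain to the mesh CA
		VerifyConnection: func(cs tls.ConnectionState) error { // authorization: decided on the verified identity
			if caller := cs.PeerCertificates[0].Subject.CommonName; !allowedCallers[caller] {
				return errors.New("policy: " + caller + " may not call card-processor")
			}
			return nil
		}})
	if err != nil { return err }
	// Server side: Write runs the handshake, so a rejected caller receives a TLS alert instead of "ok".
	go func() { if c, e := ln.Accept(); e == nil { c.Write([]byte("ok")); c.Close() }; ln.Close() }()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{Certificates: []tls.Certificate{clientCert},
		RootCAs: pool, ServerName: "card-processor"}) // the caller verifies the server's identity too
	if err != nil { return err }
	defer conn.Close()
	_, err = conn.Read(make([]byte, 2)) // surfaces the server's verdict if it rejected the handshake
	return err
}
```

A certificate from a CA outside the mesh fails at the handshake, and a mesh-issued certificate for a service that is not on the allow-list (such as badge-reader) is refused before any application data is exchanged.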


Mutual TLS: Securing Microservices in Service Mesh