I am not a fan of tapas. I’ll take the 22-oz. bone-in ribeye over small plates any day. My wife is the opposite; she loves them. With more tapas bars opening and existing restaurants adopting a “small plate” menu, I find myself losing the battle of steakhouse vs. tapas quite often. After several meals (if that’s what you call them), I will admit I’ve started to see some of the appeal: pick what you’re in the mood for each bite, collaborate with friends on menu selections, and prevent one bad dish from ruining the meal. At the steakhouse, I make my own selection, I commit to a large meal, and my entire dining experience depends on one item that I hope the chef cooks perfectly.
If I switch focus from steaks to software development, I do a complete 180 – I’m all about the small plates. This is not a ground-breaking opinion. The shift to developing several small pieces of software versus a single large application has been popular for a while. The advantage of developing microservices over monolithic applications are numerous:
Those are just a few of the many benefits of the microservice architecture, which is why most of our conversations with existing clients or prospective customers eventually involve microservices and how they impact an application security program, especially with the rapid development that goes hand-in-hand with microservices. After many of these conversations with various organizations on this topic, here are the three most common discussions points:
As this shift to microservices takes hold, we’ve been working with our customers every day to help them embrace microservices without sacrificing security. Veracode scans of microservices usually happen in minutes (or seconds with our latest Greenlight product offering); we’ve been solving the problem of scale with our cloud-based solution for years; and, our roadmap is constantly being updated to include support for the newest development technologies.
Shifting to microservices and the greater movement to DevSecOps should allow your organization to create higher quality software faster. Without aligning the application security program to embrace this transition, there will be conflict between speed of delivery and security. At our core, we are a software company. We practice what we preach by using Veracode to ensure our software is secure as we deliver new functionality (via microservices) to our clients.
We’d love to hear from you on how your organization is restructuring application development, adopting DevSecOps and what challenges that might be posing for application security.