The Department of the Navy's Information Technology Magazine Notify Me of New Issue
Email this Article Email   

CHIPS Articles: Building Secure Microservices-based Applications with a Service-Mesh Architecture

Building Secure Microservices-based Applications with a Service-Mesh Architecture
NIST SP 800-204A Now Available
By CHIPS Magazine - May 29, 2020
As microservices-based applications are increasingly deployed within large enterprises and cloud-based environments, dedicated and scalable infrastructure is needed to support a comprehensive set of security services. This infrastructure is called the Service Mesh, which can support authentication, authorization, secure service discovery, secure communication, security monitoring, as well as other security services, the National Institute of Standards and Technology wrote in a new release.

To this end, NIST announces the publication of SP 800-204A, Building Secure Microservices-based Applications Using Service-Mesh Architecture. Its purpose is to provide deployment recommendations, including configuration parameters, for Service Mesh components that span several runtime aspects of microservices-based applications to meet the security requirements of this class of applications for various scenarios. The deployment of Service Mesh components to enable these services involves multiple configurations.

The distributed cross-domain nature of microservices needs secure token service (STS), key management and encryption services for authentication and authorization, and secure communication protocols. The ephemeral nature of clustered containers by which microservices are implemented calls for secure service discovery. The availability requirement calls for: (a) resiliency techniques, such as load balancing, circuit breaking, and throttling; and (b) continuous monitoring for the health of the service.

The service mesh is the best-known approach that can facilitate specification of these requirements at a level of abstraction such that it can be uniformly and consistently defined while also being effectively implemented without making changes to individual microservice code, NIST wrote.

The purpose of this document is to provide deployment guidance for proxy-based Service Mesh components that collectively form a robust security infrastructure for supporting microservices-based applications.

Publication:
SP 800-204A (DOI)
NIST Download

Other Parts of this Publication:
SP 800-204

Related CHIPS Articles
DARPA aims for cold technology in high-performance computing — critical to processing data at tactical edge
NIWC Atlantic Cybersecurity Specialist Wins Copernicus Award
NSA Overcomes Communication Challenges in the Age of COVID-19
NSWC Crane Explains Machine Learning Radio Frequency in New Video
NSWC Dahlgren Division Tests G/ATOR System Capabilities for U.S. Marine Corps
Related DON CIO News
It's an Exciting Time to be Part of the DON IT Community
DON IT Conference Session Recordings Available
Schedule Available for DON IT Conference East Coast 2020 Virtual Event
Join DON CIO, DCNO Information Warfare and the Deputy Commandant for Information for a Cybersecurity Awareness Month Discussion
The COVID-19 Impact on Modernize, Innovate and Defend
Related DON CIO Policy
The Chief Information Security Officer Handbook
Spectrum Supportability Risk Assessment Process Using the Spectrum Supportability Integrated Process Portal
DON CIO Cybersecurity Strategy Guidance
DON Public Affairs Policy and Regulations
DON Cyber Range Policy Guidance

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer