Security traps to avoid when migrating from a monolith to microservices
- Rolling back to the last known good state after a failure is more complex with microservices, so build reverts in carefully to preserve data integrity.
- Move as many of your microservices as you can off public networks to protect them against DDoS attacks and malicious actors.
- Never pass data between services in plain text. Always encrypt.
- Add monitoring to each service separately.
- Develop one logging approach that all teams follow consistently for every service.
- Don’t give individual services too much access. Limit access intelligently, based on need only.