Security traps to avoid when migrating from a monolith to microservices

  • Rolling back to the last known good state after a failure is more complex with microservices, so build reverts in carefully to preserve data integrity.
  • Move as many of your microservices as you can off the public networks to protect against DDoS attacks and other malicious actors.
  • Never pass data between services in plain text. Always encrypt.
  • Add monitoring to each service separately.
  • Develop a logging approach that all teams follow consistently for each service.
  • Don’t give individual services too much access. Limit access intelligently, based on need only.
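
One way to build in the reverts that the rollback item calls for, as an added example that is not from the original post: each forward call to a service is paired with a compensating revert, and on failure the completed steps are undone newest first. The services are in-memory stand-ins, and the names `Step`, `Outcome`, `run_with_reverts` and `demo` are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Step:
    name: str
    action: Callable[[Dict], None]  # forward call to one service
    revert: Callable[[Dict], None]  # compensating call that undoes it


@dataclass
class Outcome:
    ok: bool
    reverted: List[str] = field(default_factory=list)
    needs_manual_fix: List[str] = field(default_factory=list)


def run_with_reverts(steps: List[Step], state: Dict) -> Outcome:
    done: List[Step] = []
    for step in steps:
        try:
            step.action(state)
            done.append(step)
        except Exception:
            break  # assumption: a step that raises changed nothing itself
    else:
        return Outcome(ok=True)  # every service call succeeded
    out = Outcome(ok=False)
    for step in reversed(done):  # undo newest first
        try:
            step.revert(state)
            out.reverted.append(step.name)
        except Exception:  # keep reverting the rest; flag this one
            out.needs_manual_fix.append(step.name)
    return out


def demo() -> Tuple[Outcome, Dict]:
    state = {"stock": 5, "balance": 100}  # constructed stand-in data
    def ship(s): raise RuntimeError("shipping service unavailable")
    steps = [
        Step("inventory", lambda s: s.update(stock=s["stock"] - 1),
             lambda s: s.update(stock=s["stock"] + 1)),
        Step("payment", lambda s: s.update(balance=s["balance"] - 30),
             lambda s: s.update(balance=s["balance"] + 30)),
        Step("shipping", ship, lambda s: None),
    ]
    return run_with_reverts(steps, state), state
```

A revert that itself fails is recorded in `needs_manual_fix` instead of stopping the rollback, so the remaining steps are still undone and the inconsistent service is known.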

Full post here, 7 mins read