DevOps and Microservices – a Security View

Author

John Arnold

January 23, 2015

Most organisations I work with have complex, laborious procedures for installing applications into a production environment.  These can be very frustrating when you’re working to a deadline, but they do perform some valuable functions from the security point of view: they protect the integrity of the production environment, and they separate the operations staff from the developers.

However, these procedures are oriented towards organisations that deploy a code change once a quarter.  They’re not workable if, like many modern organisations, you need to deploy a code change once a day, or once an hour.

The DevOps movement is intended to address this new requirement.  DevOps brings development, operations and QA staff together to streamline and unify deployment processes.  DevOps makes heavy use of automation to achieve this.

DevOps works closely with micro service architectures such as Docker.  Micro services are small, independently deployable services that communicate using lightweight protocols.  Micro services are deployed automatically and hosted using containerised virtualisation.

Like conventional virtual machines, micro services are isolated within containers so that they cannot interfere with each other.  Containers in Linux use a number of specialised features to provide isolation:

  • Namespaces, which provide separate process spaces, network instances, IPC resources, mount points etc. for each container.

  • Cgroups (control groups), which manage the use and sharing of physical resources.

  • Union file systems, which allow file structures from different sources to overlay each other.

How secure is a micro service architecture?  The concept is too new to give a definitive answer, here are my thoughts:

  • Containers are a new technology so we can assume (without the need to consider any actual evidence) that they contain numerous security bugs.

  • We can also assume that these bugs will be discovered and corrected rapidly over time as containers are subjected to more scrutiny.

  • Containers are more lightweight than virtual machines and present a much smaller attack surface.

  • It will always be difficult to protect a UNIX type OS against a process running as root.

  • The high degree of automation when installing a micro service will bring significant security benefits.  It will become much easier to deploy standard hardening and to avoid error-prone manual install steps.

In conclusion: I wouldn’t put anything sensitive on a multi-tenanted micro service platform today.  But in a couple of years it should be a different story.

Great ! Thanks for your subscription !

You will soon receive the first Content Loop Newsletter