Enterprises are quickly evolving from a posture that approached the cloud as a kind of playground to one that goes all in to achieve cloud-first, cloud-native IT. With this transition from free-for-all to mature-business-service architecture, usually involving multiple public cloud providers, comes the need to answer some thorny questions. It’s no longer sufficient to endlessly pile on additional cloud services to a growing hybrid or distributed cloud infrastructure.

President Joe Biden issued an “Executive Order on Improving the Nation’s Cybersecurity” as of May 12, 2021. The order includes numerous actions and mandates to confront the dangers of cyber attacks that are increasing in frequency and sophistication. Cybersecurity has real and significant implications, both in economical and national security terms. At the time of this writing, the Colonial Pipeline cyber attack caused quite a stir on the USA’s east coast.

Large-scale, sophisticated attacks like the SolarWinds cyber intrusion and the Microsoft Exchange Server hack are disturbing, to say the least. These are more than just bad headlines; they reflect fundamental, systemic problems with the security postures in most enterprises. One underreported issue is the continued adherence of organizations to principles that maintain strong perimeter controls to prevent things outside from coming in.

Many companies are leveraging DevOps, microservices, automation, self-service, cloud and CI/CD pipelines. These megatrends are changing how companies are building and running software. One thing that often slips through the cracks is security. With microservices, there’s an increase in the number of APIs companies have to protect. YouTube An error occurred. Try watching this video on www.youtube.com, or enable JavaScript if it is disabled in your browser.

Imagine you’re going through immigration at the airport. The immigration officer says, “I don’t need your passport because I trust that you are who you claim to be.” Wait, what? That would never happen, right? That’s because trust is exploitable. Sooner or later, somebody will try to lie about who they are, and thus a criminal could enter the country. That’s why countries must enforce some form of identity, like a passport, to certify travelers are who they claim.

Transitioning to microservices has many advantages for teams building large applications that must accelerate the pace of innovation, deployments and time to market. It also provides them the opportunity to secure their applications and services better than they did with monolithic codebases.