1

Student Name
Student ID
Course Name
Course Code
Date

1
 2

Table of Contents
Introduction:...............................................................................................................................................2
Issues that arise due to microservices architecture:...................................................................................2
Microservices Architecture:.....................................................................................................................2
Challenges/Issues:...................................................................................................................................3
Privacy issues that arise due to these challenges:.......................................................................................3
Multi-cloud deployment:.........................................................................................................................4
Data management:..................................................................................................................................4
Isolation and segmentation:....................................................................................................................4
Rate of rapid changes:.............................................................................................................................4
Access control and identity management:..............................................................................................4
Reason for creation of issues and potential mitigations to manage the risk:..............................................5
Defense-in-depth practices:........................................................................................................................5
API gateway:................................................................................................................................................5
API security and data focusing:...................................................................................................................6
DevSecOps strategies:.................................................................................................................................6
Conclusion:..................................................................................................................................................6
References:..................................................................................................................................................6

Introduction:
In the 21st century, most of the business switches their architectural activities from a monolithic
architecture to microservices to stay competitive, to maximize their revenue, and to speed up its
operational activities. In a microservices architecture, there are diverse independent modules
with isolated software functionality that performs the business operations precisely and they are
standalone, responsible to handle business operations. Most of the business like Amazon and
Netflix faces several challenges during the time of transition from monolithic to microservices
business faces multiple challenges because in microservices there are easy and fast development
cycle that makes debugging and deployment easier but on the same side there are many
challenges that are for business due to microservices, there is hard to load the work balance and
2
 3

to maintain the efficient network. During the implementation of the microservices methodology,
several challenges related to privacy and security concern arises. These issues are severe that it
can lead to data loss. It is necessary to mitigate these security challenges so the microservices
can be adopted effectively.

The main aim of this task is to address the challenges that are faced by most of the business
during the time of transition, security, and privacy challenges are associated with these
challenges and the business initiatives. To overcome the impact of these challenges and ensures
the successful implementation of microservices architecture in a workplace efficiently and in a
smooth manner.

Issues that arise due to microservices architecture:

Microservices Architecture:
Microservices architecture is becoming popular over the past several years. It is a type of
modular architectural style that depends on the method of dividing big software projects into
small, loosely coupled, and independent parts which are now very popular among the developers
for their agile and dynamic qualities in API management. Microservices are the architectural
solution for the development of web-based, complex applications. From the SOA's evolution, the
Microservices have become very popular. Service-Oriented Architecture (SOA) was an approach
designed to design to overcome the cons of monolithic architecture.

Microservices is much popular in the world of architecture but it does contain some of the
drawbacks. According to the general point of view, the complexity of the Microservices is the
main issue that any of the distributed systems contains.

Challenges/Issues:
 Complex communication among services:
The request traveling or passing among the modules must be handled carefully because
each service is now independent. In some of the cases, the development teams have to
write some extra piece of code for their safety to remove any type of disruption. The
complexity will start arising from time to time in this case.
 The difficulty of global testing:

3
 4

The testing of applications that are based on microservices is so clunky. In the traditional
monolithic approach, the developers only need to run WAR on the server and check that
it is connected with the required database or not. In microservices before the testing
phase, the confirmation of every dependent service is necessary.
 Product companies of different sizes:
The microservices are good for large-scale companies where it can easily be
implemented, but on the small scale it may be difficult to implement and the process will
be slow enough if they want quick iteration.
 Requires more resources:
More service implementation and dealing will demand more resources. Multiple sets of
databases and managing the transaction will be much complex and painful.
 Difficult to debug:
In microservices, every single service contains its own set of logs that need to be
checked. So there will be difficulty in debugging the issues.

Privacy issues that arise due to these challenges:

For several years, the deployment and development of microservices have become a very
popular method for the development of applications. As it is going to leading method among all
other methods, the security and privacy testing are not that strong enough to mitigate the risks
that have evolved with the massive adoption of microservices. The security and privacy concerns
that are raised with the implementation of microservices have challenged the architectures and
engineers. If these risks are not removed in the software development life cycle then
vulnerabilities will be arises in the runtime of application production. The challenges that arise in
that process are as follows:

Multi-cloud deployment:
The distribution of microservices is done one more than one data center, host machines, and
cloud providers. The development of that kind of infrastructure that is deployed on many clouds
will increase the challenge to lose control and it also gives a push to the visibility of components
of the application.

4
 5

Data management:
The generation of data in microservices changes, moves, and is saved in different locations for
their own purposes. The data asset's owners have to required insight into the dynamics and
lifecycle of data to avoid leakage and data break. The malicious actor tries to enter into the
private assets and data leaks can be occurred.

Isolation and segmentation:

Each component of the application has its own duty to link with different services. All of the
components maintain and develop a channel of communication over different layers of the
infrastructure. In some cases when security vulnerabilities are testing, cross-service
communication becomes missed. It results in major exposure among the services.

Rate of rapid changes:

The development of applications in the latest Software Development Life Cycle forces the data
stores and codebase to grow over time. The methodologies of development push the incremental
and iterative development and it put a constant workload on the microservices.

Access control and identity management:

The microservices provide a new point of entrance for the external and internal actors. The
control of access has to be checked for each entity if it is illegitimate or legitimate. The
administrative interface must help in the devices, applications, manage users, groups, and APIs,
it will provide visibility in real-time of the actions that happen in the surroundings.

Reason for creation of issues and potential mitigations to manage the

risk:
In the fast-growing market where microservices architecture is becoming much popular, it also
comes up with many privacy and security issues. There are many reasons based on which the
security and privacy issues arise but at the same time, several solutions and practices are
available to avoid these issues. For better implementation of microservices architecture, it is
good to use all of them.

5
 6

Defense-in-depth practices:
Data loss is the main issue in microservices because of its long procedure and complex structure.
This strategy includes different security control layer in the application. The security layer covers
sensitive services due to which the potential attacker will not be able to reach that layer or any
other layer behind it. To maximize security rather than a single layer, all security measures must
be done to create multiple security layers. For example, besides the strong firewall network, the
token-based authentication may be used along with the building of a strong layer of monitoring
that helps identify the unusual behavior.

API gateway:
In typical applications of microservices, communication among service customers and
microservices are not possible. API gateways will ensure traffic to enter from a single path which
will lead to various microservices. The API gateways manage the data privileges of services by
using token-based identification and they analyze the data interaction. As the clients can't access
the services directly so they are not able to use the services independently. The protection layer
of the API gateway can be placed behind the firewall which will provide security to the use of
microservices in an application.

API security and data focusing:

Microservices communicate with one another using APIs and data packets. The API permissions
must be closely guarded and only relevant persons can access the APIs. Another way is to
provide the least privileges for controlling the resources. Access should be provided on an as-
need basis to the resources.

DevSecOps strategies:
It dictates the operations staff and developers to allow security teams in the initial stages of
designing to be a part of the team. It is not recommended to consult with them after designing is
done and it goes towards production. Security staff and developers must work together to check
for potential threats in microservices applications automatically and constantly. The centralized
capabilities of monitoring can be gained by InfluxDB and Prometheus.

6
 7

Conclusion:
The implementation of microservices architecture is becoming popular in this technological
world. Microservices architecture is an efficient method to adopt with many benefits and the
latest procedures. It is beneficial but at the same time, several security and privacy challenges
arise associated with the microservices. These challenges are associated with a large number of
resource utilization and debugging difficulties etc. Along with this the security issues such as
loss of data, access control, and data management is many serious issues. These types of issues
arise whenever a new model is invented but there are definitely various strategies present that
can overcome these types of challenges. The main problem is to deal with the risks associated
with privacy concerns. The security team has an essential role in risk mitigation in microservices.
So, by taking all the measures and security measures, the microservices architecture will be
much more efficient and the organizations will totally move from traditional monolithic
architecture towards a microservices architecture.

References:
Almeida, W. H. C., de Aguiar Monteiro, L., Hazin, R. R., de Lima, A. C., & Ferraz, F. S. (2017).
Survey on microservice architecture-security, privacy and standardization on cloud computing
environment. ICSEA 2017, 210.

Baškarada, S., Nguyen, V., & Koronios, A. (2018). Architecting microservices: practical
opportunities and challenges. Journal of Computer Information Systems, 1-9.

Balalaie, A., Heydarnoori, A., & Jamshidi, P. (2016). Microservices architecture enables devops:
Migration to a cloud-native architecture. Ieee Software, 33(3), 42-52.

Dragoni, N., Giallorenzo, S., Lafuente, A. L., Mazzara, M., Montesi, F., Mustafin, R., & Safina,
L. (2017). Microservices: yesterday, today, and tomorrow. In Present and ulterior software
engineering (pp. 195-216). Springer, Cham.

Ghofrani, J., & Lübke, D. (2018, February). Challenges of Microservices Architecture: A Survey
on the State of the Practice. In ZEUS (pp. 1-8).

Ghofrani, J., & Bozorgmehr, A. (2019, November). Migration to Microservices: Barriers and
Solutions. In International Conference on Applied Informatics (pp. 269-281). Springer, Cham.

Jamshidi, P., Pahl, C., Mendonça, N. C., Lewis, J., & Tilkov, S. (2018). Microservices: The
journey so far and challenges ahead. IEEE Software, 35(3), 24-35.

7
 8

Yarygina, T., & Bagge, A. H. (2018, March). Overcoming security challenges in microservice
architectures. In 2018 IEEE Symposium on Service-Oriented System Engineering (SOSE) (pp.
11-20). IEEE.