Slide 1

Slide 1 text

Pierre Versali pierre-versali.bitbucket.io API Security Challenges for Cloud-Native Architects

Slide 2

Slide 2 text

Pierre Versali Cloud-Native Software Architect Principal Consultant | Team Coach

Slide 3

Slide 3 text

Agenda Software Architecture Cloud-Native Software API Security Challenges

Slide 4

Slide 4 text

Monolith Application Software Architecture

Slide 5

Slide 5 text

Monolith Application Distributed Monoliths Software Architecture

Slide 6

Slide 6 text

Monolith Distributed Monoliths Service Oriented Architecture Software Architecture

Slide 7

Slide 7 text

Monolith Distributed Monoliths Service Oriented Architecture Microservices Software Architecture

Slide 8

Slide 8 text

From Monolith Application to Digital Platforms

Slide 9

Slide 9 text

Digital Platform – Data Flows

Slide 10

Slide 10 text

Cloud Models

Slide 11

Slide 11 text

Cloud Models

Slide 12

Slide 12 text

Evolution of Delivery Models

Slide 13

Slide 13 text

Strategic Efficient Secure Flexible Cost-effective Benefits of Cloud

Slide 14

Slide 14 text

Containers APIs Microservices Cloud-native Software Cloud Infrastructure Dev Ops

Slide 15

Slide 15 text

HIGHLY-AVAILABLE SCALABLE COST-EFFECTIVE Cloud-native Software

Slide 16

Slide 16 text

API – Application Programming Interface

Slide 17

Slide 17 text

API Benefits
✓ Loose Coupling
✓ Integration
✓ Collaboration
✓ Standardization
✓ Developer Experience
✓ Testability

Slide 18

Slide 18 text

API – Protocols | Message Formats | Specification
Standards and Best Practices

API | Protocol | Message Format | Specification
Synchronous | SOAP | XML | SOAP
Synchronous | REST over HTTP | JSON | OpenAPI
Synchronous | GraphQL | GraphQL | GraphQL
Synchronous | gRPC over HTTP/2 | Protobuf | gRPC
Asynchronous | Event Broker, Pub / Sub, Kafka / MQTT | JSON, Protobuf, Avro, Thrift | AsyncAPI
Asynchronous | WebSockets | |

Slide 19

Slide 19 text

Microservices Benefits
✓ Separation of Concerns
✓ Diversity in Technology Stack
✓ Isolation
✓ Reusability
✓ Flexibility / Scalability
✓ Reliability

Slide 20

Slide 20 text

Microservices concerns
• Complexity
• Security
• Performance
• Evolvability
• Deployment
• Data Consistency
• Resilience
• Fault Tolerance
• … 🤯

Slide 21

Slide 21 text

Service Orchestration

Slide 22

Slide 22 text

Reactive Programming / Message-Driven

Slide 23

Slide 23 text

Event Sourcing & CQRS

Slide 24

Slide 24 text

Domain-Driven Design

Slide 25

Slide 25 text

API Conversation Pattern Synch Graph Async Messaging (Pub/Sub) Processes Data Consistency Eventual Consistency Choreography / Orchestration Event-Sourcing CQRS Fault-Tolerance Process Management State Management Retry / Rollback Data storage Relational Data Key-Value Event-Driven Microservices problems

Slide 26

Slide 26 text

Identity and Access Management

Slide 27

Slide 27 text

Containers

Slide 28

Slide 28 text

Node 1 Node 2 Node 3 … Container Orchestration Configuration Availability Provisioning Scaling Automation Resource Allocation Load Balancing Health Monitoring

Slide 29

Slide 29 text

DevSecOps

Slide 30

Slide 30 text

Quality Gate & Test Automation

Slide 31

Slide 31 text

Infrastructure as Code

Slide 32

Slide 32 text

Infrastructure as Code – Going further
• Key Vault
• GitOps
• Platform Engineering
• SRE
• FinOps

Slide 33

Slide 33 text

Containers Orchestration API-First Development Reactive Microservices Cloud-native Software on Steroids IaC / GitOps / FinOps Platform / SRE Dev Ops Security Domain Driven Design Observability MFA IAM

Slide 34

Slide 34 text

Accelerate delivery Speed-up time-to-market Enable modularity Enable Agility Continuous Delivery Cloud-native Software Benefits

Slide 35

Slide 35 text

Takeaway
There is no single or clear way to design Software Architecture.
Software Architecture is at the edge between Business Goals, Functional Requirements, Hardware Capabilities and… your Budget!

Slide 36

Slide 36 text

Takeaway
• Architecture decisions are tough
• Architecture decisions always come with trade-offs
• Architecture decisions always require effort (and sometimes pain)
• Architecture decisions require compromise
• Architecture decisions should always be balanced
• Changes require adaptation

Slide 37

Slide 37 text

What problem are you trying to solve? A Software Architect Takeaway

Slide 38

Slide 38 text

Here are the options: … A Software Architect Takeaway

Slide 39

Slide 39 text

Pierre Versali pierre-versali.bitbucket.io Any question? 🙋 Thank you! 🙏