
MIS603 Microservices Architecture

This document discusses privacy and security challenges related to microservices architecture. It identifies five big security challenges: 1) structure design and multi-cloud deployment, 2) segmentation and segregation, 3) identity managing and access control, 4) data managing, and 5) swiftness in application changes. It also discusses privacy issues and risks related to data handling and communications between services. The document proposes several risk reduction strategies like risk acceptance, avoidance, transfer, and limitation to address these challenges.

Uploaded by

mian saad

MIS603 Microservices Architecture

Assessment Title: Privacy and Security Report

Student Name:

Student ID:
Lecturer Name:

Introduction:
Microservices is an architectural style used to structure and design an application as a
collection of numerous small, independent services. It is one of the modern approaches used by
companies worldwide. The services are highly maintainable, testable, organized by business
capabilities, and independently deployable. The style also enables frequent and reliable delivery
of complex applications and technology. Although it has numerous benefits, microservices are not a
silver bullet; the style has drawbacks and challenges. Because companies face several issues when
using this architectural style, it is essential to discuss those concerns so that a way out can be
prepared. This report addresses the challenges of applying microservices and the associated
privacy issues. The root causes that give rise to these issues are also discussed.
It is essential to reduce risks and their impact on applications. The report describes different
risk mitigation techniques that help lessen risks. These methods are used to mitigate the impact
of risks and to manage risk for both security and privacy. DevOps also has a role in the risk
reduction process, which is discussed in this report. Towards the end, the risk handling options
needed to mitigate risk and its impact are given, with figures that help elaborate the strategy.
Issues and Security Challenges:
There are certain challenges in using microservices as a software development method. There
are few repeatable empirical studies on this architecture. The architecture has many active parts,
which makes it very complex. This problem requires a lot of effort and attention, and a plan is
needed to simplify the complex architecture. The style requires cultural change, which is also one
of its problems. Another problem is cost: it is more expensive than traditional methods. Security
also needs attention in this architecture.
Five big challenges in applying microservices are discussed below (Nera, 2019).

1. Structure Design and Multi-Cloud Deployment:


Microservices are spread across many data centers, cloud providers, and host computers. When
infrastructure is built across multiple cloud environments, it becomes a challenge to maintain
visibility of the components, and the risk of losing control rises.

2. Segmentation & Segregation:
The decoupled components of the application perform their own functions while depending on
many other services. Communication between services is sometimes ignored during testing, and this
becomes the main problem exposed at the interfaces between services.
3. Identity Managing & Access Control:
A microservices architecture exposes new entry points to both internal and external actors.
Access control should be enforced for all actors, legitimate or not. It is important to have a
management interface that allows you to manage users, applications, clusters, devices, and APIs
from a central location and to understand what is happening in the environment in real time.
4. Data Managing:
The data created in a microservices architecture is constantly moving, changing, and
interacting with other data. Data is also stored in different places and used for different
purposes. Data asset owners need information about the life cycle and dynamics of the data to
avoid leakage. It is essential to make sure that data is secured while it is communicated over
channels between services, so that malicious actors cannot reach it through vulnerabilities.
5. Swiftness in Application Changes:
The architecture uses various rapid development strategies to drive incremental and iterative
development. Securing applications and reducing the number of attacks on applications is challenging
because microservices require non-trivial off-the-shelf solutions.

Concerns Regarding Privacy:


In addition to other issues, the architecture also has some privacy issues. The main reason
behind the privacy issues is not having one's own cloud hosting platform. These problems need to
be solved urgently so that the architecture does not harm the privacy of the users of the
developed applications. Different functions are managed by different teams and groups in the
architecture, which has a major impact on privacy. If the application can access the user's
personal data, the application is responsible for ensuring that this data is not transmitted and
does not leak or fall into the wrong hands. There is an urgent need to develop a data protection
framework to protect user data and privacy. The architecture should conform to the CIA triangle
(confidentiality, integrity, and availability).
Another data protection issue is the use of communication channels between services, which
adds complexity to data handling. The system must use defenses extensively to prioritize critical
system services and avoid privacy issues. The system must use automatic system updates so that
problems can be detected early. Another way to avoid privacy issues is to use a centralized
distributed firewall.
The Full Picture Behind These Issues:
The need for cultural change is inherent in this architectural system. The reason for this
problem is that the architecture requires decision-making authority to be transferred among all
team members.
The budget for the architecture can be very high, because the architecture consists of several
small self-governing services that communicate with each other via remote calls. There are also
reasons for the security issues in this architecture: its modules exchange data on a large scale,
which brings security risks.

Figure 1: The full picture behind these Issues (Sengupta, 2021)

Risk Reduction Strategies:


It is essential to apply risk mitigation strategies to lessen security and privacy threats for
the company. In an environment with a microservices architecture, these tactics are equally
important because they lessen the impact of risks and errors in the architecture and provide
reliable solutions to its problems.

The four main tactics are risk acceptance, risk avoidance, risk transfer, and risk limitation.
In a microservices architecture, mitigation tactics play a crucial part in managing data
protection and security risks.
Openness will greatly increase the vulnerabilities of the system (Menori, 2012). There are some
fundamental steps to lessen the risk; when these steps are applied to the system, we can consider
the application more reliable, secure, and resilient.
DevOps plays an important role in risk assessment. In the organization, managers ensure that all
risk management strategies are always up to date. Figure 2 below gives a rough idea of how these
strategies work to find risks and then decrease their impact.

Figure 2: Risk Mitigation and DevOps (“Mitre”, n.d.)

When discussing mitigation strategies, their importance in the system must also be emphasized.
When reducing risks, consider the likelihood of occurrence and the severity of the consequences.
Apply the general guidelines for risk mitigation defined in the handling options below, which
help make the strategic implementation that mitigates risk.

Figure 3: Risk Mitigation Strategies (Sbr, 2020)

As shown in Figure 3, there are several handling options for lessening risk. For each of these
options, a plan must be developed, implemented, and monitored for effectiveness. More information
about the handling options used by numerous companies is given below.

1. Risk Assumption and Acceptance:


For some risks in the system, the cost of mitigating the risk exceeds the cost of taking the risk.
In this case, it is necessary to accept the risks and monitor them technically.
2. Risk Avoidance:
In the conversion from a monolithic to a microservices architecture, the risk of financial loss
and damage should be avoided. Adjust system requirements or constraints to eliminate or decrease
risks. This adjustment can be made by changing financial, planning, or technical requirements.
3. Risk Sharing or Transfer:
Because data is shared over communication channels, the probability of attack or data loss is
high. Risks that are unlikely to occur but have a significant financial impact should be mitigated
by sharing or transfer, i.e. by forming a partnership or subcontracting.
4. Risk Reduction (Control):
To reduce risk in a company, the most common strategy is to limit risk. The company takes specific
measures to eliminate known risks and manage its risks. Risk limitation usually involves a
certain degree of risk acceptance and a certain degree of risk aversion.
5. Hedge on Risk (Monitor):
Hedging involves taking on additional risk in the opposite direction in order to reduce risk.
Natural hedging organizes the business so that "internal" risks offset each other, while external
hedging uses tools that generate offsetting risks.

Conclusion:
To conclude, various challenges arise when transitioning from a monolithic architecture to a
microservices architecture, and they can be solved with appropriate planning and resources. The
difficulty is that the strategy must be executed correctly to remove the issues and challenges.
When using a microservices architecture, there are several problems that can severely damage a
corporation or business. Each problem should be solved as soon as possible so that the user can be
satisfied with the utmost security and privacy.
It laid a convincing foundation for the continued success of the building. Finally, it is
important to address risk reduction strategies, because these strategies play an important role in
reducing risk. For an organization, any risk that can breach the system, or even the chance of
one, is lethal, so appropriate plans and roadmaps are needed to implement these risk mitigation
strategies. The CIA triangle is necessary for a system that solves privacy and security issues.
Various options have been discussed above, and these options are critical to reducing the impact
of existing or possible risks.
Regardless of the purpose, large and complex applications are still large and complex.
Implementation teams need to communicate with each other in a matrix form, no matter what they are
concerned about. Microservices are not a silver bullet; we have to focus and think more.

References:

Richardson, C. (2020). What is Microservices? Retrieved from https://microservices.io/

Besic, N. (2019, October 16). The Top 5 Challenges of Microservices Security. NeuraLegion. Retrieved from https://www.neuralegion.com/blog/the-top-5-challenges-of-microservicessecurity/

Sbr (2020, January 29). 5 risk mitigation strategies and how to properly manage the risk mitigation. Retrieved from https://silverbulletrisk.com/blog-5-risk-mitigation-strategies-and-how-to-properly-manage-the-risk-mitigation/

Taibi, D., Lenarduzzi, V., Pahl, C., & Janes, A. (2017, May). Microservices in agile software development: a workshop-based study into issues, advantages, and disadvantages. In Proceedings of the XP2017 Scientific Workshops (pp. 1-5). Retrieved from https://d1wqtxts1xzle7.cloudfront.net/54607525/Microservices_in_Agile_Software_Development_a_Workshop-Based_Study_into_Issues_Advantages_and_Disadvantages.pdf

Sengupta, S. (2021, January 21). Challenges of Microservices & When To Avoid Them. Retrieved from https://www.bmc.com/blogs/microservices-challenges-when-to-avoid/

MITRE [image]. (n.d.). Retrieved from https://www.mitre.org/publications/systemsengineering-guide/acquisition-systems-engineering/risk-management/risk-mitigationplanning-implementation-and-progress-monitoring
