Enhancing Security of Microservices on Kubernetes

Cloud-Native
Information technology
AWS
Kubernetes

Executive Summary

A provider of security systems turned to Altoros to assess the maturity of its Amazon Elastic Kubernetes Service (Amazon EKS) deployment:

  • With a six-hour session and subsequent report, Altoros evaluated the customer’s platform against 25 maturity model components and provided an assessment and a roadmap for improvements.
  • Integrating the recommendations, including container image scanning and running kube-bench, will improve overall security.
  • Several high-priority issues were identified and remediation plans for each were defined, providing the company with industry standards for deployment and a streamlined rollout strategy.
  • By employing recommendations around monitoring, the company gained enhanced visibility and now can observe resource usage and application call paths, which help to expose performance issues.
  • With the recommendations for building a continuous integration/delivery (CI/CD) pipeline, the customer is able to increase feature delivery velocity.

Driving the adoption of Amazon EKS

When the company turned to Altoros, it was converting its monolithic app to microservices for improved scalability and maintenance. Along with this, the customer was containerizing microservices to enable efficient resource utilization, portability, faster delivery, etc., in a secure manner. For this purpose, the organization had adopted Amazon EKS—a fully managed Kubernetes service that has all the necessary tooling for securing, scaling, monitoring, and load-balancing apps.

Having run Amazon EKS for 18 months already, the company wanted to ensure it was using the platform in accordance with its business needs and to its full potential.

Relying on the expertise of Altoros as a certified Kubernetes service provider, the company sought an independent maturity assessment of its Amazon EKS deployment to identify potential bottlenecks, prioritize optimizations, and develop a roadmap for improvements.

The challenges

Authentication, authorization, and life cycle management systems deal with sensitive data, so the assessment had to target all the potential vulnerabilities that expose the customer’s services to attacks.

About the customer

Headquartered in Irvine (CA), the company is a provider of authentication and security services. The customer's portfolio includes multi-factor, passwordless, adaptive, and single sign-on authentication systems, as well as solutions for user life cycle management. The organization serves industry giants from healthcare, finance, retail, public sector, etc. The company is also recognized and widely acclaimed by independent advisors and analysts, such as Gartner and KuppingerCole.

Identifying opportunities for optimization

For this assessment, Altoros applied a maturity model that has been field-tested during six years of experience in creating cloud-native solutions with Kubernetes and other platforms.

To get a holistic view, our DevOps experts conducted two technical sessions with the customer’s engineering team to evaluate deployment maturity and identify potential issues. Based on this, instructors at Altoros delivered a report with recommendations ranked by priority and based on impact and complexity for each of the model’s 25 core components.

After assessing the current deployment mechanisms, our engineers advised implementing Helm to standardize the management of application life cycles. They also recommended deploying clusters with eksctl—the official command-line interface for Amazon EKS.

To enhance resilience and reliability, DevOps experts at Altoros suggested a managed Postgres service. This also provides fault tolerance thanks to the automatic failover mechanism available in PostgreSQL.

By creating an update strategy for apps, our developers helped to minimize the risk of outages during rollout of new features. With this approach, the customer can easily update apps and revert changes.

For better observability, Altoros proposed employing Prometheus as a metrics monitoring tool to accurately measure resource usage and Istio as a tracing tool to observe call paths and analyze interaction issues.

The outcome

Thanks to the maturity assessment by Altoros, the customer identified potential issues around its Kubernetes deployment in a timely manner and created a roadmap for prioritized improvements. With the delivered recommendations, the company can make full use of Amazon EKS tooling, ensuring enterprise-grade security, scalability, and high availability.

Through the experience shared around building CI/CD pipelines, the organization can now speed up feature delivery. Following the advice to merge operators and developers into a single team, the company is on its way to establishing a proper DevOps culture.

The customer now has a clear path forward and can rely on Altoros for implementation and support.
