Jonn Callahan, principal application security consultant at nVisium, said: “Within modern micro-service deployments, traditional edge-oriented security practices are obsolete. Should an attacker gain access to the internals of a micro-service architecture that does not implement zero trust, it is game over for any defense controls in place; the attacker will likely have carte blanche read and write access to all data handled by the architecture.

“Additionally, I’ve personally spent years negotiating, arguing and, occasionally, fighting with security operations teams on their insistence that security controls only need to be implemented at the edge, regardless if you are running modern or legacy systems. This approach is akin to leaving the bank vault door open 24/7, while pointing to the locked front door as a sufficient control.”
