Why a Microgateway?
With the advent of microservice architectures and DevOps practices, central security gateways concentrating many tasks for all services on a single system have increasingly been challenged.
While this approach allows dealing with issues "once and for all", it requires coordination between different application managers, between administrators and developers, and between the security team and all the others. Stakeholders may have differing requirements, timelines and policies for the single system they share.
Security professionals argue for security to be part of a deployment pipeline from the very first minute - as adding security as a last step before going into production is a recipe for disaster. It leads to the security team being blamed for missed deadlines, to unhealthy compromises and ongoing tension between teams.
Following DevOps principles, developers are asked to embrace operational responsibility for their services.
- Hence, it is necessary to support DevOps teams with a dedicated security component that:
- is lightweight (for coupling with microservices),
- belongs to them (so they can take responsibility) and
- follows DevOps best practices for automation and configuration.
This is where the Airlock Microgateway - as an addition to the Airlock Gateway appliance - comes in.