CA Veracode on the Current and Future State of Microservices

DZone 's Guide to

CA Veracode on the Current and Future State of Microservices

Talking to Tim Jarrett of CA Veracode, we learned how microservices will be critical as applications become more complex.

· Microservices Zone ·
Free Resource

Thanks to Tim Jarrett, Senior Director of Product Marketing at CA Veracode for sharing his perspective on the current and future state of microservices.

How is your company involved in the creation or use of microservices?

We provide application security throughout the SDLC integrating security into DevOps to provide DevSecOps.

What do you see as the most important elements of microservices?

From the software design perspective, everything is normal; however, all designs need to be more formal. There is a need to think through things at a finer level of detail. How to do security to ensure every microservice is safe. You need to be more systematic. It’s a combination of technology breaking into smaller pieces and shipping less code more often. Traditional IT ops need to be doing DevOps so developers will own the problem if an application is breached.

Which programming languages, frameworks, and tools do you, or your company use, to build out microservices?

We tried several different languages and came back to Java with a Spring Boot framework because that’s what we were able to find people that can develop were using. We see a lot of Python and NodeJS with our clients.

How have microservices changed application development?

Faster speed to market and realization of value with cloud scaling as a service. Also, the functionality is completely separated with formal connections via APIs. Able to integrate more services. Process changes are harder for individual teams and product managers getting the product to market since they are managing dependencies among six to 12 pieces.

What kind of security techniques and tools do you find most effective for securing microservices?

It’s the same as other apps. Integrate static application security testing into the build process. This works even better with microservices because it happens more frequently. Process-wise you bring security into the process definition. Turning to dynamic versus static testing. Able to see more risks better once the application is deployed.

What are some real-world problems you, or your clients, are solving with microservices?

Taking applications and making them more maintainable and testable. Extend the core capabilities across a customer-facing product. Easier to manage scale.

What are the most common issues you see affecting the implementation of microservices?

Organizationally, development teams take time to take ownership of the production of services. Coordination of different microservices and their connections. This improves over time with a steady state. Microservices do not offer a “free pass” in terms of overbuilding. Do not overbuild to accommodate every use case.

Do you have any concerns regarding the current state of microservices?

Most companies using a microservices architecture see it as an opportunity to improve their development process. Build security in from the start.

What’s the future for microservices from your point of view - where do the greatest opportunities lie?

Microservices provide a good starting point for the scalability of the cloud and the other benefits offered by the cloud. However, moving to the cloud is not simply “lift and shift.” Microservices are particularly beneficial when building a platform that many things plug into – it makes a complex problem much easier.

What do developers need to keep in mind when working on microservices?

APIs are critical. Think API-first in a systematic way. Be able to take advantage of extensibility and scalability. When working with microservices, think about how to build security into the process.

Is there anything you’d like to know about what software developers are doing with regards to microservices?

What kind of languages and frameworks are they using? How fast are they going? What’s the number of projects they are working on? How many microservices are they developing? Managing?

What have I failed to ask you that you think we need to consider with regards to microservices?

Think about things as you would with regular apps just do development correctly building in security and well-developed APIs.

microservices ,interview ,devsecops ,security

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}