When to Retire the Monolith: Is a Move to Microservices in Your Future?

We’ve seen monumental changes in personal computing over the past few decades. The more sophisticated a device becomes, the more compact its design and the more advanced its capabilities. Take mobile phones: their first iterations were cumbersome and slow compared to the sleek, fast smartphones we now carry in our pockets. And modern-day laptops are far more refined than their predecessors.

Like large, clunky hardware of the past, most applications and digital services have been built as complex monolithic architectures. This means that when one part needs fixing or updating, the whole application must be shut down, causing outages and compromised user experiences. In an effort to modernise application development, developers are now adopting a microservices architecture (MSA).

With MSA, the application is a collective of various self-contained functions—like payments and authentication—that work together to deliver a seamless user experience. Developers are able to efficiently focus on one service at a time, without disrupting the functionality of the rest of the application.

While the benefits of MSA are manifold, the fact that it operates with various individual components means that organisations need to have consistent policies for authentication and authorisation across each segment. This added security risk can be a significant barrier in a company’s plans to modernise its architecture—but it’s one that can be overcome.

The value of moving to microservices

Whereas monolithic architecture can be static and hard to scale, MSA provides enterprises with the flexibility they need to modernise their organisation and accelerate their pace of change. Migrating from a monolithic system to an ecosystem of microservices is a big move, but one that can enhance core capabilities, and the ability to deliver value faster.

Microservices provide a wide range of benefits over their monolithic counterparts:

  • They’re more cost-effective to create, update, scale and support
  • They enhance productivity and the speed at which applications can be developed
  • They provide reusable, scalable, and independently developed services, as well as simple and lightweight messaging systems and protocols
  • They allow separate teams to tweak, update, and test various components at the same time

Transitioning to this approach, developers can be selective over where they deploy specific components of their application without disrupting the customer experience. They also have greater flexibility in choosing the tools they work with, as each microservice can be designed with a different programming language or technology—as long as it can still easily communicate with the other functions of the application.

Slow and steady wins the modernisation race

With these benefits in play, it’s tempting to skip ahead and jump right into MSA. But doing so without understanding the potential operational and security risks would be a mistake.

Before effectively adopting microservices, companies need to start by setting the stage within their own development teams. That means investing in the right development tools, training employees to work within a microservices environment, and establishing security considerations for each step of the development lifecycle.

Because applications built with MSA consist of a large number of autonomous components, employees, customers, and third-party applications are authenticated across dozens or hundreds of services instead of just one. Without a centralised system for overseeing these processes, each microservice would have to run its own authentication logic—which would be both inefficient and costly. Organisations opting to adopt microservices need to be ready to deploy a robust identity and access management strategy that helps them further optimise their applications.

While working on these initiatives, incorporating containerisation can help make monolithic application deployment more agile. As a step towards microservices architecture, containerising pieces of the application allows developers to run various services on different machines, making it easier to address issues in an isolated manner, without compromising the entire application.

Focus on secure and seamless access

With microservices, it’s key to develop a strategy for implementing strong identity and access management so that you can easily protect the various discrete services and dynamic infrastructure under MSA. This can include token-based authentication, where encrypted tokens like a JSON Web Token (JWT) are used to communicate credentials to the server in a secure way.

JWTs can also work in parallel with API gateways, the latter of which are the most common approach companies use to secure their microservices. They create common entry points and translate protocols for every individual microservice as required, reducing overhead for the business and providing a better user experience. API gateways also significantly improve access controls by verifying JWTs and setting up central and consistent security policies across services.
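The gateway-side check described above, as an added example that is not from the article or from any Okta product: one function verifies the JWT and applies a single route-to-scope policy table before a request reaches a microservice. The HS256 shared key, issuer URL, audience, route names and space-separated `scope` claim are assumptions made for illustration; the token is signed, so its integrity is protected, while its payload is only base64url-encoded.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this example only (not from the article).
KEY = b"demo-gateway-signing-key"
ISSUER = "https://idp.example.test"
AUDIENCE = "api-gateway"
# One central policy table: route prefix -> scope the token must carry.
ROUTE_SCOPES = {"/payments": "payments:write", "/profile": "profile:read"}

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mint(claims, key=KEY, alg="HS256"):
    """Stand-in for the identity provider: issue a compact signed JWT."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def authorize(token, path, now=None):
    """Gateway check: verify the token once, then apply the route policy."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm: never let the token choose it (rejects "none").
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return False, "unsupported alg"
        want = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _b64d(sig)):
            return False, "bad signature"
        claims = json.loads(_b64d(body))
        iss, aud, exp = claims.get("iss"), claims.get("aud"), claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return False, "malformed token"
    if iss != ISSUER or aud != AUDIENCE:
        return False, "wrong issuer or audience"
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    # Deny by default: a route with no policy entry is not reachable.
    needed = next((s for p, s in ROUTE_SCOPES.items()
                   if path == p or path.startswith(p + "/")), None)
    if needed is None:
        return False, "no policy for route"
    if needed not in str(claims.get("scope", "")).split():
        return False, "missing scope"
    return True, "ok"
```

Because every service sits behind the same `authorize` call, a change to `ROUTE_SCOPES` or to the accepted issuer takes effect for all of them at once.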

Incorporating centralised identity management is critical for securing your microservices. Okta’s suite of CIAM products have all been designed to run authentication and authorisation for microservices with a centralised approach. And Okta’s API Access Management helps you innovate quickly by securing access between microservices.

Meanwhile, our Advanced Server Access solution centralises access control, providing seamless access to on-premises, hybrid, and cloud infrastructure, while reducing the risk of credential theft and account takeover.

Just as our personal computing habits have shifted towards using multiple smaller devices, enterprises are realising the benefits of moving from their vast monolithic architectural pasts to the microservices of the future. To do so securely, they must embrace the benefits of a centralised identity strategy.

Want to learn more about securely transitioning to microservices? Take a look at our Oktane presentation on securing microservices with API Access Management. And check out our other blogs on the subject: "Microservices Drive Flexibility. But Where Does Identity Fit In?", "When It Comes to Microservices, Identity and Access Management Is Key", and "Microservices vs. SOA—What’s the Difference?"