As organizations transform and containerize their business-critical applications with the objective of making them ready for deployment into various cloud platforms, they also need to address application security. There are several considerations for achieving varying levels of security for your cloud-native app. Let’s take a look at how Kong can help make this process easier:
Access Restrictions, RBAC and Traffic Restrictions
Kong API gateway can tie into your existing AD/LDAP directory through its LDAP Authentication plugin, so callers are authenticated against the users and groups you already maintain; mapping directory groups onto Kong roles for role-based access control (RBAC) is an Enterprise edition feature. By setting up access rules in Kong (for example the IP Restriction plugin), you can limit the traffic that reaches your application to specific source IP addresses or CIDR ranges. These rules are plugin configuration attached to a service or route, so they are easy to review and update as the type of application and the desired functionality change. Kong also only accepts proxy traffic on the listener ports you configure, so a web-facing deployment can expose, for example, ports 80 and 8080 and leave every other port closed.
Throttling
If your back-end infrastructure is not yet able to handle large spikes of incoming application requests, or if you would like to hold incoming requests to a steady rate that matches your processing capacity, you can throttle API calls with Kong's Rate Limiting plugin, which caps the number of requests a client may make per second, minute, hour, or day and rejects the excess with HTTP 429. Such throttling blunts application-layer floods and abusive clients, which matters when critical applications are exposed to the outside network. Note that it is a per-client control applied at the gateway, not a replacement for network-level volumetric DDoS protection in front of it.
Canary Testing and ‘Promote to Production’
Kong lets you gradually and smoothly shift workloads from your lower environments to higher environments and thereby automate the ‘promote to production’ process. Each upstream target carries a traffic ‘weight’: you initially assign a higher weight to the lower environment, and as the results are hardened you reduce the weight of your test endpoint and increase it for your production endpoint, step by step. Because the shift is a configuration change rather than a redeployment, this reduces deployment risk and lets you release new patches and updates with zero downtime. The same weighted-target mechanism supports a classic canary, where a new version first receives only a small slice of traffic.
Additionally, Kong offers a number of free plugins in its open-source Community Edition. Adding the Bot Detection plugin to a base Kong API gateway screens each request's User-Agent against a list of known bots, protecting your application service from the most common attack bots, and its allow and deny lists (called whitelist and blacklist in older releases) let you explicitly permit or block specific traffic sources.
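The controls described in the sections above (LDAP authentication and IP restriction, rate limiting, weighted targets for the gradual promotion to production, and bot detection) can all be expressed in one Kong declarative configuration file. The following is an added example written for this page, not configuration from the original post or from Kong's own documentation; it assumes Kong Gateway 2.1 or later open-source field names (`allow`/`deny` rather than `whitelist`/`blacklist`), and every name, hostname and CIDR range in it is a constructed placeholder.

```yaml
# kong.yml -- Kong declarative configuration (Kong Gateway 2.1+ OSS field names).
# Added example: service names, hosts, base DN and CIDR ranges are assumptions.
_format_version: "2.1"

upstreams:
  # Weighted targets implement the gradual "promote to production" shift:
  # move weight from the lower environment to production as results harden.
  - name: orders-upstream
    algorithm: round-robin
    targets:
      - target: orders-test.internal:8080   # lower environment, starts with most traffic
        weight: 90
      - target: orders-prod.internal:8080   # production, weight raised step by step
        weight: 10
    healthchecks:
      passive:
        unhealthy:
          http_failures: 3                  # stop sending to a target after 3 HTTP failures

services:
  - name: orders
    host: orders-upstream      # matches the upstream name above, so Kong load-balances it
    port: 8080
    protocol: http
    routes:
      - name: orders-route
        paths:
          - /orders
        strip_path: false
    plugins:
      # Authenticate callers against the existing AD/LDAP directory (HTTP Basic credentials
      # are bound against the directory; unauthenticated requests get 401).
      - name: ldap-auth
        config:
          ldap_host: ad.example.internal
          ldap_port: 636
          ldaps: true                       # LDAP over TLS; never bind in cleartext
          base_dn: "ou=people,dc=example,dc=internal"
          attribute: sAMAccountName
          cache_ttl: 60
      # Only reach the app from these source ranges; anything else is answered with 403.
      - name: ip-restriction
        config:
          allow:
            - 10.0.0.0/8
            - 203.0.113.0/24
      # Throttle: 60 requests per minute and 1000 per hour per source IP, excess gets 429.
      # Per-IP limits are weak behind shared NAT; pair them with the authentication above.
      - name: rate-limiting
        config:
          minute: 60
          hour: 1000
          policy: local
          limit_by: ip
          fault_tolerant: true
      # Block common attack bots by User-Agent; the deny list adds a custom pattern.
      - name: bot-detection
        config:
          deny:
            - "(?i)sqlmap"
```

Load it with `kong config db_import kong.yml` (or point `declarative_config` at it in DB-less mode, or apply it with `deck sync`). Promotion to production is then a matter of editing the two `weight` values and re-applying the file; because Kong reloads the configuration without dropping connections, each step is a zero-downtime change.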
Keyva helps Fortune 500 organizations evaluate their existing business application portfolios and transform their applications to cloud-native architectures. Keyva can help you deliver new agile technical capabilities and drive adoption. If you’d like to have us review your environment and provide suggestions on what might work for you, please contact us at [email protected]
Anuj joined Keyva from Tech Data, where he was the Director of Automation Solutions. In that role he specialized in developing and delivering vendor-agnostic solutions that avoid the “rip-and-replace” of existing IT investments. Tuli has worked on Cloud Automation, DevOps, Cloud Readiness Assessment and Migration projects for healthcare, banking, ISP, telecommunications, government and other sectors.
During his previous years at Avnet, Seamless Technologies, and other organizations, he held multiple roles in the Cloud and Automation areas. Most recently, he led the development and management of Cloud Automation IP (intellectual property) and related professional services. He holds certifications for AWS, VMware, HPE, BMC and ITIL, and offers a hands-on perspective on these technologies.
Like what you read? Follow Anuj on LinkedIn at: https://www.linkedin.com/in/anujtuli/
Join the Keyva Community! Follow Keyva on LinkedIn at: