Monzo built network isolation for 1,500 services to make its app more secure by building a zero-trust platform, truly the future of #microservice-based application design via @monzo @JackKleeman

We’ve been working on isolating the 1,500 services that power Monzo. The sheer size and complexity of our platform made this difficult. But by protecting us against compromised services, it makes Monzo more secure. 

In the Security team at Monzo, one of our goals is to move towards a completely zero trust platform. This means that in theory, we’d be able to run malicious code inside our platform with no risk – the code wouldn’t be able to interact with anything dangerous without the security team granting special access.

The idea is that we don’t want to trust just anything simply because it’s inside our platform. Instead, we want individual services to be trusted based on a short and deliberate list of which other services they’re allowed to interact with. This makes an attack substantially more difficult.

WHY IT MATTERS: this short post explains the lengths you have to go to in order to secure a microservice-based application. Basically there is no trust between services, making hacking attempts difficult because success would require a large number of breaks. Interesting to see the effort required to deploy this for 1500+ services and not impact performance or developer productivity…

Farid Mheir