Service Mesh Architecture

How an enterprise service mesh will ensure zero trust security for multi-cloud applications

An enterprise service mesh will help organizations manage their micro application services and usher legacy apps into the cloud.


In brief

  • With a service mesh, companies can enhance their microservices architecture by creating robust enterprise applications.
  • It can be a challenge to implement security rules seamlessly across microservices written in many languages.
  • An enterprise service mesh offers a common foundation to integrate third-party code or teams.

According to one study, adopters of multi-cloud are 1.6 times more likely to exceed their organizational performance targets.

A multi-cloud approach, however, is not without challenges. Organizations must build composite technology stacks that require a great deal of orchestration; overhead costs rise as services are sourced from multiple vendors; and with more vendors, security becomes harder to ensure. Adopting a microservices architecture can help organizations address most of these concerns.

In fact, cloud-based microservices are not an entirely new concept. In 2009, one of the leading OTT platforms was facing issues with its IT infrastructure, which could not keep up with the demand for its rapidly growing video streaming services. The company migrated its IT infrastructure from private data centers to a public cloud and replaced its monolithic architecture with a microservices architecture. The OTT platform became one of the first companies to successfully migrate from a monolith to a cloud-based microservices architecture at scale.

Microservices, or microservices architecture, is a cloud-native architectural approach in which a single application is composed of many loosely coupled and independently deployable smaller components or services. They communicate with one another using a combination of REST APIs, event streaming, and message brokers. Applications are evolving into collections of functions and microservices, with everything described in code. However, it is a challenge to operationalize security rules that function seamlessly across the various technologies developers use to build and deploy cloud-native applications. To address these challenges, organizations must adopt an enterprise service mesh.

Service mesh ensures visibility

Implementing a service mesh provides the functions needed to manage and control the communication relationships between microservices. Enterprise service mesh platforms offer security capabilities that can be applied to all microservices at scale: authentication of legitimate users, role- or attribute-based access control over authorized user actions, secure service-to-service channels using Mutual Transport Layer Security (mTLS), and real-time policy enforcement for workload protection based on requirements and platform.

Enterprise service mesh platforms also provide deep visibility into application and microservice behavior: measuring, correlating, and mitigating Service Level Objective (SLO) violations; gathering consistent metrics for all applications; and providing a single real-time view of all microservices and their data flows, among other salient features.

The question that arises is: is a service mesh right for my organization? Yes, if:

  • You have microservices written in many languages that may not follow a common architectural pattern or framework (or you are in the middle of a language/framework migration).
  • You are integrating third-party code or inter-operating with teams that are a bit more distant, and you want a common foundation to build on.
  • Your organization keeps “re-solving” the same problems, especially in utility code, and conventional cloud services have not resolved them.
  • You have robust security, compliance, or auditability requirements that span services.
  • Your teams spend more time localizing or understanding a problem than fixing it.

Achieving zero trust

Prior to the advent of service mesh, achieving zero trust was complex. Establishing trust required tooling to manage certificates for services and workloads, as well as service authentication and authorization. Service mesh implementations instead provide authentication and authorization identities through a central authority that issues a certificate to each service.
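The following Go program is an added illustration of the two points made above, the mTLS and access-control capabilities a mesh provides and the central authority that issues each service its identity; it is example code written for this page, not EY's or any vendor's service-mesh implementation, and it uses only the Go standard library. A stand-in control-plane CA issues each workload a short-lived certificate carrying a SPIFFE-style URI identity; the receiving service requires a CA-issued client certificate at the TLS handshake (strict mTLS) and then authorizes the request on the verified identity. The SPIFFE IDs, the `orders.shop.svc` name and the `allowedCallers` policy are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// must panics on setup errors: in this demo such an error is a bug, not a runtime condition.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

type meshCA struct { // stands in for the mesh control plane's certificate authority (constructed example)
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
	pool *x509.CertPool // trust bundle distributed to every sidecar
}

func newMeshCA() *meshCA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "mesh-ca"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)) // self-signed root
	ca := &meshCA{cert: must(x509.ParseCertificate(der)), key: key, pool: x509.NewCertPool()}
	ca.pool.AddCert(ca.cert)
	return ca
}

// issue mints a short-lived workload certificate whose URI SAN is the service identity (SPIFFE-style; IDs and names here are made up).
func (ca *meshCA) issue(serial int64, spiffeID string, dnsNames ...string) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), URIs: []*url.URL{must(url.Parse(spiffeID))}, DNSNames: dnsNames,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), // short-lived: rotate, don't revoke
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca.cert, &key.PublicKey, ca.key))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

var allowedCallers = map[string]bool{"spiffe://example.internal/ns/shop/sa/checkout": true} // authorization policy: a valid mesh identity alone is not enough

// startOrdersService runs the orders workload behind strict mTLS: a handshake without a CA-issued client certificate fails before any request is read.
func startOrdersService(ca *meshCA) *httptest.Server {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ids := r.TLS.PeerCertificates[0].URIs // present: RequireAndVerifyClientCert guarantees a verified peer certificate
		if len(ids) == 0 || !allowedCallers[ids[0].String()] {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		fmt.Fprint(w, "orders ok")
	}))
	srvCert := ca.issue(2, "spiffe://example.internal/ns/shop/sa/orders", "orders.shop.svc")
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{srvCert}, ClientCAs: ca.pool, ClientAuth: tls.RequireAndVerifyClientCert}
	srv.StartTLS()
	return srv
}

// callOrders dials as a workload (no cert = a caller outside the mesh); returns the HTTP status, or 0 when the handshake itself was refused.
func callOrders(ca *meshCA, target string, workloadCert ...tls.Certificate) int {
	cfg := &tls.Config{RootCAs: ca.pool, ServerName: "orders.shop.svc", Certificates: workloadCert}
	resp, err := (&http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}).Get(target + "/orders")
	if err != nil {
		return 0
	}
	resp.Body.Close()
	return resp.StatusCode
}

// demo exercises three callers against the orders service and returns the status each received.
func demo() map[string]int {
	ca := newMeshCA()
	srv := startOrdersService(ca)
	defer srv.Close()
	return map[string]int{
		"checkout": callOrders(ca, srv.URL, ca.issue(3, "spiffe://example.internal/ns/shop/sa/checkout")), // in policy: 200
		"frontend": callOrders(ca, srv.URL, ca.issue(4, "spiffe://example.internal/ns/web/sa/frontend")),  // mesh identity, not in policy: 403
		"no-cert":  callOrders(ca, srv.URL), // no mesh identity at all: handshake refused, 0
	}
}

func main() {
	fmt.Println(demo())
}
```

Running the program shows the distinction a mesh makes operationally: the `no-cert` caller is rejected by the TLS layer before the service sees a request (authentication), while `frontend` has a perfectly valid mesh identity yet is refused by policy (authorization). In a real mesh the sidecar proxies perform both steps and the control plane rotates the short-lived certificates, so the application code never handles keys or trust bundles itself.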


Without an enterprise service mesh platform, contemporary applications with a microservices-based architecture carry a much larger overhead in design, development, and maintenance. From maintaining separate business logic and configuration specifications to building complex authentication and authorization mechanisms custom to each application, developers would spend much of their time gluing together disparate technology components.

With an application developed on a service mesh, developers can let the platform do much of the heavy lifting: inter- and intra-service communication, traffic routing between microservices, load balancing, policy enforcement, and workflow and configuration safeguards. This allows development teams to focus primarily on using the right design patterns, writing efficient business logic, and other aspects of the application.


A service mesh improves the microservices architecture as it enables companies or individuals to create robust enterprise applications, made up of many such microservices on a hosting platform of their choice.

An enterprise service mesh solution allows developers to focus on adding business value to each service they build, rather than worrying about how each service communicates with the rest. For DevOps teams that have an established production continuous integration and continuous deployment (CI/CD) pipeline, a service mesh can be essential for deploying applications and their infrastructure programmatically, alongside source control and test automation tools.

Summary

Organizations use multiple cloud service providers to improve performance through speed and agility, but also must contend with different technology stacks, higher costs, security risks, and limited visibility of communication between the loose combinations of cloud-based microservices and applications. Adopting an enterprise service mesh allows organizations to manage and monitor microservices, including security features. This system can manage traffic and rules, allowing developers to focus on other beneficial tasks.
