Authors: Rina Kartika
Abstract: Microservices architecture has become a widely adopted approach for developing scalable and flexible applications by decomposing systems into independently deployable services. However, this distributed and loosely coupled nature introduces significant security challenges, including increased attack surfaces, inter-service communication vulnerabilities, and complex identity management. This paper presents a comprehensive review of security mechanisms in microservices architecture, focusing on strategies to ensure confidentiality, integrity, and availability of services and data. It examines key security practices such as API gateway protection, service-to-service authentication, encryption of data in transit and at rest, and the implementation of zero-trust security models. The role of container security, orchestration platforms like Kubernetes, and service mesh technologies in enforcing security policies is also discussed. Additionally, the paper highlights the importance of DevSecOps practices, continuous monitoring, and automated threat detection in maintaining secure microservices environments. Challenges such as scalability, policy management, and integration with legacy systems are analyzed, along with emerging solutions. The review concludes that a layered and integrated security approach is essential to effectively mitigate risks in microservices-based systems.
DOI: https://doi.org/10.5281/zenodo.19654386
