Modern Security Best Practices for Microservices & Distributed Systems

We should be thinking about security in multiple layers like an onion. If you can get past one layer, you can't get past the rest. The closer you get to critical business data, the more security we need.

Cloud providers have security teams that do deep security testing so you don't have to.
Cloud providers have physical security that most data centers don't have. This includes hardware security (pulling out machines or putting in machines).
We need to encrypt anything. Any time data is moving over a network, it needs to be encrypted. Any time data is at rest it should be encrypted.
We should use dynamic, time-based and revokable credentials.
You shouldn't need a PhD in cybersecurity to secure an application.

Secrets management should be something that's dynamic and changing.

HashiCorp is an open source tool that acts as a single, central source for secrets management.

Think of it as an encrypted value store.
Everything is encrypted in transmission.
Can do any CRUD operations for secrets.
Everything is an API call under the hood.
Vault can be used purely to encrypt and decrypt data as part of the transit API.
You can use vault to dynamically provision users for connections.