In an age of rapid digitization, growth can be so rapid and massive that you cannot react quickly enough. In an effort to keep pace, the software industry has developed new design paradigms and operational methodologies, such as distributed systems, cloud computing, and Agile methodology.
These new ways had one principle in common: crush rock into gravel and you can do more. Thus, from the crushed rock of monolithic system design was born event architecture.
The result was improved efficiency, near infinite scalability, and rapid deployment. However, the security of this architecture remained an understandable concern.
What is Event Architecture?
Event-driven architecture (EDA) is a software design approach in which activities (called events) that occur naturally in a designed system are predefined and used to orchestrate the collective operation of the independent modules of a microservice application. . These events can be discrete actions (such as a button click) or a stream of actions that cause a significant change in the state of the system or business process.
EDA is an increasingly popular method for connecting microservices and managing how applications perform tasks in response to events from other systems. Typically, an event system includes:
- A producer, also called an event generator, an event channel or router that collects and queues these events into a stream for transmission
- A consumer who subscribes to events and acts accordingly
Just as a notification can lead you to a message, events are not actions themselves; these are records of activity. An event contains information about the action that triggered it, the intended consumer, and its playback state. This data is transmitted to the respective consumers, who respond by performing the necessary tasks. Events can be:
- User-generated (like clicking a “Favorite” button in a music streaming app)
- System generated (as a series of scheduled database maintenance activities)
- Derived from an external source (such as data generated by an IoT device’s sensor)
Security Implications of Event Driven Architecture
EDA offers amazing benefits once implemented. Since it doesn’t require point-to-point integration, you can quickly develop and deploy multiple instances of any module for seamless scaling. It also offers minimal latency and redundancy, and its isolated modules promote unparalleled flexibility. However, it is important to carefully consider the complexities and security risks of the migration process and the established EDA.
The challenges of migrating to an event-driven architecture
It’s never easy to crush a rock, but it’s far from impossible. Moving an existing application from traditional architecture to EDA requires significant resources and development time. Also, while building something new can be exciting, reworking the old can be under-stimulating, especially when it still seems functional. This can sometimes lead to the postponement of such a drastic transition. However, this transformation can be quite enlightening, both from a technical and operational point of view.
Developers perceive EDA to be inherently complex, especially for companies with complex processes. There is concern that EDA does not effectively capture the critical aspects of a business and that monitoring and debugging the system is more difficult due to the lack of a centralized structure. However, this complexity does not disappear simply by opting for a different architecture.
Monitoring and debugging are easier with tracing tools suitable for distributed systems, proper encapsulation of individual services, and a thorough understanding of individual service functions and the events that should trigger them. With complex event processing, you can even set up alerts to draw your attention to suspicious activity. Overall, EDA rewards your efforts with a system you can control and maintain more easily.
Additionally, the process of creating an EDA is so granular that it requires you to take a rare, close-up view of your solution and business processes. By taking your business apart, piece by piece, you can rebuild it into something more efficient, relevant, and scalable. However, that doesn’t mean much if your implementation plan doesn’t sufficiently consider security.
Fortunately, even these challenges can be mitigated with proper design and implementation. With a thoughtful approach, you can enact strict rules on how services interact with each other and identify potential points of failure to make them safe.
While the primary security concern with EDA is that its architectural model creates more potential weak points for attack vectors, these security issues become apparent in the migration process.
Each producer or consumer added to the system creates a new potential vulnerability. In practice, this singularity of services can also bring advantages in terms of security. Designing microservices with EDA as the backbone can effectively isolate individual services and components.
With EDA’s democratized communication system, components seem to have increased access to data generated in the system compared to a point-to-point model. From a security perspective, this is not good news. Every access point is an opportunity for data leakage or compromise, especially if there aren’t enough restrictions. As the complexity of EDA increases and requires the addition of new components, this concern only increases.
Fortunately, it is possible to manage data access and interactivity between components of an EDA. You must be diligent in your design and implementation plan. You need to have strict rules about how services interact with each other and with events. Using mission-critical encryption protocols, you should also make sure to protect sensitive data in transit or at rest, and only decrypt data with the service designated to consume this event.
Best Practices for Mitigating Security Risks in Event-Driven Architecture
Most likely, your app is handling information that you need to protect, such as personally identifiable information or private messages. For a small application, you can avoid storing sensitive data on disk since the data is usually in transit. You can get away with this by making sure your data isn’t persisted anywhere and that connections are over HTTPS and TLS. However, storing this information may be unavoidable to minimize latency and built-in fault tolerance at scale time. In this case, you must secure this data, both when it is at rest and when it is in transit.
You can encrypt the message on the client side before sending it to the event router or message broker. The event producer encrypts the data while only the intended consumers have the private key needed to decrypt the information. A framework or library like NServiceBus can help here. This way you protect data stored in local storage or logs from prying eyes.
Alternatively, if your event router (Amazon SQS) supports server-side encryption, you can let it encrypt sensitive data. The router can encrypt the data as soon as it receives it and decrypt it just before transmitting it to the designated consumer. This ensures encrypted data while at rest.
If classic point-to-point integrated microservices were an apartment building with independent but adjoining apartments, EDA would be a housing estate with several blocks of houses. Each housing unit is functionally independent of the other, but this does not mean that there will not be shared facilities such as roads, post office or sewage system. As close neighbors interact more and with fewer restrictions, other neighbors can reach out when needed.
Similarly, in an event-driven microservices system, you create a decentralized system where each component is fundamentally independent but still within reach of other components. While this gives you something you need – a more resilient, scale-ready application – it can also be a daunting task and a source of multiple weak points.
Fortunately, we can mitigate these challenges with a thoughtful and effective design and implementation strategy.