If you’re a fan of Costco, you know that it has an almost cult following; I am one of the proud cult members who makes most of my family’s big purchases through Costco Online. Early on the morning of Black Friday, I logged into Costco Online to take advantage of deals. I added items to my shopping cart with no problem, but when it was time to check out, I received the following message:
“The website is currently experiencing longer than normal response times. Please note that all Thanksgiving Day-only promotions have been extended into Friday, November 29th, WHILE SUPPLIES LAST. We apologize for any inconvenience.”
According to outage tracking site Downdetector, Costco’s e-commerce site went down for more than 16 hours between Thanksgiving Day and Black Friday. The outage impacted an estimated 2.65 million customers who were trying to access the website, costing the retailer an estimated $10,924,650 in lost sales.
Costco wasn’t the only website to experience performance issues over the Thanksgiving weekend. Many other sites, such as H&M and Nordstrom Rack, also had slowdowns and outages.
Behind the Slowdowns & Outages
The slowdowns and outages could have happened for a myriad of reasons: programming errors, bot and denial-of-service attacks, application security issues, other operational issues such as scalability and availability problems, lack of visibility, or errors in deployment due to lack of automation, just to name a few.
As enterprises transition to the cloud, many are using a microservice architecture to implement business applications as a collection of loosely coupled services, enabling isolation, scale, and continuous delivery for complex applications. Despite the advantages of doing so (resource footprint, instantiation time, better resource utilization), you have to balance the complexity that comes with a distributed architecture against application security and scale requirements, as well as time-to-market constraints.
Adopting containers doesn’t remove traditional security and application availability concerns. Application vulnerabilities can still be exploited; recent ransomware attacks highlight the need to secure against denial of service and application attacks.
Security AND availability should be top-of-mind concerns in the move to adopt containers. As cyber threats force organizations to tighten security, delivering advanced and secure application services quickly and cost effectively poses a challenge to IT teams. Here are some factors to consider:
Security from the Get-Go
In addition to using built-in tools for container security, traditional approaches to security still apply.
Many API-based microservice applications are accessible over the web and open to malicious attacks. As attackers probe network and application vulnerabilities to gain access to sensitive data, the prevention of unauthorized access needs to be multi-pronged as well.
This includes preventing bots and denial-of-service attacks, checking access levels and validating users before they can access an application, preventing rogue application ports and applications from running in the enterprise, running routine vulnerability assessment scans on applications, scanning application source code for vulnerabilities and fixing them, and securing data at rest and in motion.
Availability & Scalability Are Mandatory
A user interacting with a container-based application does not need to know about the application instance that’s serving them. This is precisely the isolation and de-coupling that is required to ensure availability. In addition, look for automated scale-in and scale-out of applications as the traffic patterns change.
Automation Should Be a Given
Even with the many benefits that accompany a container-based application, one of the challenges is how to quickly roll out, troubleshoot, and manage these microservices.
Manually allocating resources for applications and reconfiguring the load balancer to incorporate newly instantiated services is inefficient and error prone, and it becomes problematic at scale. Server discovery and automated deployment of services quickly become a necessity.
When deploying microservices that may affect many applications, proactive monitoring, analytics and troubleshooting become critical for catching problems before they become business disruptions. These may include a microservice or an application not meeting its SLA requirements, such as latency, security issues, service uptime, and problems of access.
Organizations should be concerned with ensuring security and availability of their sites. Businesses that have to support complex IT must adopt automation, visibility, analytics and orchestration best practices and tools that fit in with their agile and DevOps processes. The goal is to keep your business highly available and secure without losing development agility.