Abstract:
In this paper we investigate how to secure an information system that uses a microservice architecture. A microservice architecture makes an information system easy to develop, deploy, and test, but it also means the system must be protected differently from one built on a monolithic architecture. First, a software architect should decide whether each service should be protected separately or whether it is better to protect the system as a whole. Choosing the right approach is very important because, in some cases, protecting each service separately is not the best idea, as it can lead to code duplication: when a piece of code needs to be changed or a bug fixed, the change must be made everywhere that code appears. To avoid this, dedicated services called gateways have been developed, which very often also implement user/client authentication and authorization using the OAuth 2.0 protocol. In any case, many security-related problems must be solved at each stage of developing and implementing a software product, and if this is not done properly, the company may incur enormous material losses or may even be closed.