Editor’s pick of the highlights from the past week.
We built network isolation for 1,500 services
Jack Kleeman, Monzo
In the Security team at Monzo, one of our goals is to move towards a completely zero trust platform. This means that in theory, we’d be able to run malicious code inside our platform with no risk – the code wouldn’t be able to interact with anything dangerous without the security team granting special access.
The idea is that we don’t want to trust just anything simply because it’s inside our platform. Instead, we want individual services to be trusted based on a short and deliberate list of which other services they’re allowed to interact with. This makes an attack substantially more difficult.
In this blog post, Jack outlines the team's thought process and includes examples of their test policy code.
CNCF Prometheus Project Journey Report
Prometheus is a widely adopted open source metrics-based monitoring and alerting system. Initially developed at SoundCloud to solve end user needs, Prometheus is now hosted by the Cloud Native Computing Foundation (CNCF). This report attempts to objectively assess the state of the Prometheus project and how CNCF has impacted the progress and growth of Prometheus. This report is one of a series of project journey reports we will be publishing focused on graduated projects hosted by CNCF.