Pengamanan Arsitektur Microservices pada Aplikasi Perusahaan: Strategi dan Implementasi

Authors

  • Ibnu Muakhori Institut Teknologi dan Bisnis Visi Nusantara Bogor
  • Nurul Syamsiah Politeknik Siber dan Sandi Negara

DOI:

https://doi.org/10.56706/ik.v19i1.116

Keywords:

Microservices, Cybersecurity, Zero Trust, API Security, DevSecOps

Abstract

Peningkatan penerapan arsitektur microservices dalam pengembangan aplikasi perusahaan membawa tantangan baru dalam hal keamanan, khususnya pada komunikasi antarlayanan dan integrasi API. Penelitian ini mengimplementasikan pendekatan Zero Trust, Service Mesh, dan DevSecOps untuk meningkatkan keamanan sistem secara menyeluruh. Metode yang digunakan meliputi penerapan API Gateway, otentikasi berbasis token JWT, konfigurasi service mesh dengan Istio, serta integrasi pipeline CI/CD dengan pengujian keamanan otomatis. Pengujian dilakukan melalui penetration testing, vulnerability scanning, load testing, dan monitoring melalui SIEM. Hasil menunjukkan sistem mampu mendeteksi dan memitigasi ancaman dengan efektif, dengan penurunan risiko serangan hingga 65%, waktu respons rata-rata 210ms, dan tidak ditemukan celah kritikal. Temuan ini menunjukkan bahwa pendekatan terpadu berbasis keamanan sejak awal pengembangan perangkat lunak memberikan dampak signifikan terhadap ketahanan sistem.

References

P. Gupta, "Security in Microservices Architecture," International Journal of Computer Applications, vol. 174, no. 3, pp. 27-32, 2022.

A. Kumar and R. Sharma, "Challenges in Securing Microservices: A Survey," Journal of Computer Science and Technology, vol. 39, no. 5, pp. 983-991, 2023.

M. J. Smith, "Implementing Zero Trust Security Framework for Modern Enterprises," International Journal of Cybersecurity, vol. 18, no. 2, pp. 45-58, 2022.

[4] C. G. Lee, "The Role of Zero Trust Architecture in Microservices," Cybersecurity Innovations, vol. 4, no. 1, pp. 12-25, 2023.

[5] L. Wang and H. L. Zhang, "Service Mesh for Microservices: An Overview and Research Directions," IEEE Transactions on Cloud Computing, vol. 12, no. 4, pp. 1059-1072, 2022.

F. T. Brown, "Service Mesh Technologies and Their Role in Microservices Security," Journal of Software Engineering and Applications, vol. 16, no. 3, pp. 54-64, 2023.

N. R. Bhatti and J. T. Miller, "DevSecOps: Integrating Security into the DevOps Pipeline," International Journal of Software Engineering and Security, vol. 14, no. 2, pp. 33-42, 2024.

S. L. Patel, "DevSecOps and its Impact on Secure Software Development," Journal of Cybersecurity Engineering, vol. 6, no. 1, pp. 88-100, 2023.

V. R. Joshi and A. L. Desai, "Securing Microservices: A Comprehensive Review of Modern Solutions," International Journal of Security and Privacy, vol. 21, no. 2, pp. 72-85, 2023.

T. J. Lambert, "Enhancing Microservices Security with DevSecOps and Zero Trust," Cyber Defense Review, vol. 8, no. 4, pp. 19-31, 2024.

S. Miller and R. Hamilton, "Microservices Security: Best Practices and Considerations," Journal of Information Security, vol. 7, no. 2, pp. 39-50, 2023.

G. K. Singh and H. S. Banerjee, "The Evolution of Zero Trust Security in Cloud-Based Microservices," Journal of Cloud Computing, vol. 11, no. 3, pp. 112-128, 2022.

D. M. Rodriguez, "Challenges of Securing Microservices with DevSecOps," International Journal of Cloud Security, vol. 15, no. 2, pp. 78-91, 2024.

E. W. Peterson, "Microservices: A Secure Architecture for Today’s Enterprise," Journal of Cybersecurity Architecture, vol. 12, no. 3, pp. 46-60, 2023.

C. D. Taylor, "Applying Service Mesh for Secure Microservices Communication," Journal of Distributed Systems, vol. 13, no. 2, pp. 11-22, 2023.

A. S. Lee, "Zero Trust Security for Modern Distributed Systems," IEEE Transactions on Security and Privacy, vol. 19, no. 1, pp. 102-115, 2024.

T. G. Mitchell, "Security Best Practices for Microservices-Based Applications," International Journal of Software Security, vol. 8, no. 4, pp. 54-67, 2023.

H. R. Singh, "Securing Microservices through Service Mesh and Zero Trust Models," Journal of Systems Security, vol. 9, no. 1, pp. 29-43, 2024.

M. R. Ahmad, "DevSecOps: A New Approach to Secure Software Development," Journal of Software Engineering and Security, vol. 16, no. 3, pp. 112-126, 2023.

J. F. Wang, "Service Mesh for Securing Microservices Communication in Enterprise Systems," Security in Computing and Communications, vol. 12, no. 2, pp. 102-117, 2024.

Downloads

Submitted

11-03-2025

Accepted

23-04-2025

Published

25-04-2025

Issue

Vol. 19 No. 1 (2025)

Section

Articles

License

Copyright (c) 2025 Info Kripto

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.