Enabling Identity Management for Microservices and Cloud-Native Apps


Cloud access security brokers (CASBs) enable organizations to extend their internal security policies to cloud-based applications and services. A CASB acts as a gatekeeper between an organization’s on-premises infrastructure and the cloud. It can be deployed as an on-premises software tool or a cloud-based service, and may use proxies (forward or reverse) or the cloud providers’ own APIs to monitor traffic and enforce policies. Gartner has predicted that 85 percent of enterprises will use CASBs by 2020, up from fewer than 5 percent today.

CASBs help organizations enhance the security of cloud services, but what about applications that are developed on cloud-native platforms? Increasingly, organizations are developing cloud-native apps using microservices architectures that break up the app into loosely coupled components. Microservices are popular because they can accelerate application development by enabling developers to work in parallel. Application components can be developed in any programming language and can communicate through a variety of lightweight mechanisms such as RESTful APIs or simple text-based protocols, enabling software to be delivered across virtually any on-premises and cloud environment.

However, while decomposing an application limits what an attacker gains from compromising any single component, microservices complicate identity and access management. Every call between components crosses a network boundary, so each service must authenticate its callers and authorize each request rather than relying on the single login and session of a monolith. Incorporating those access controls into every component, and keeping them consistent, creates enormous overhead if it is not managed centrally.

ForgeRock is helping to resolve this challenge by extending its open platform identity management solutions to Pivotal Cloud Foundry, a powerful cloud-native platform. The ForgeRock Service Broker for Cloud Foundry allows organizations to leverage the ForgeRock Identity Platform to easily protect cloud-native applications, microservices, and Internet of Things (IoT) implementations.

Developers working on the Cloud Foundry platform can give their applications a persistent identity that is portable across clouds, for both people-to-service and service-to-service (API-to-API) use cases. The service broker supports standards such as OAuth 2.0 for protecting applications running on any variant of Cloud Foundry.

The newly released version 2.0 of ForgeRock’s Service Broker for Cloud Foundry supports Cloud Foundry’s Route Services feature. A route service bound to an application’s route receives each request before the application does, so the broker can check it against the ForgeRock Identity Platform for authentication and authorization and forward only requests that pass. This lets organizations using ForgeRock extend their Cloud Foundry applications with identity relationships that span all of their clouds, and it supports DevOps by letting developers ship new features without re-implementing access control in each one.
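As an added illustration of the two points above (OAuth 2.0 protection of services and route-service interception), the following Python shows the shape of the check a route service performs on each intercepted request before forwarding it. This is example code written for this article, not ForgeRock’s service broker or any Cloud Foundry component. The `X-CF-Forwarded-Url`, `X-CF-Proxy-Signature` and `X-CF-Proxy-Metadata` headers are the ones Cloud Foundry’s router sends to a bound route service; the HS256 shared key, the `orders.read` scope, the `X-Authenticated-Subject` header and the sample request are constructed for the example.

```python
"""Illustrative route-service gate: validate an OAuth 2.0 bearer token before
forwarding a Cloud Foundry request to the application it fronts.

Assumptions (not from the original post): tokens are HS256 JWTs signed with a
key shared by the authorization server and this gate, and the token's
space-separated "scope" claim must contain REQUIRED_SCOPE.
"""
import base64
import hashlib
import hmac
import json
import time

SHARED_KEY = b"constructed-demo-key-do-not-reuse"  # constructed for the example
REQUIRED_SCOPE = "orders.read"                      # hypothetical scope name
# Headers the Cloud Foundry router sends to a route service; the route service
# forwards the request to the first and must pass the other two through.
PASSTHROUGH = ("X-CF-Forwarded-Url", "X-CF-Proxy-Signature", "X-CF-Proxy-Metadata")


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(sub: str, scope: str, ttl: int, key: bytes = SHARED_KEY, now=None) -> str:
    """Issue an HS256 JWT; stands in for the authorization server in this example."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"sub": sub, "scope": scope, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_token(token: str, key: bytes = SHARED_KEY, now=None) -> dict:
    """Return the claims if alg, signature and expiry check out, else raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        h, b, s = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(h))
    # Pin the algorithm: never let the token choose "none" or a different alg.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{b}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(b))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


def gate_request(headers: dict, now=None):
    """Decide what the route service does with one inbound request.

    Returns (status, forward_url, outbound_headers). Status 200 means forward
    to forward_url with outbound_headers; 401/403/400 mean answer the caller
    directly, so the request never reaches the application.
    """
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, None, {"WWW-Authenticate": "Bearer"}
    try:
        claims = verify_token(auth[len("Bearer "):], now=now)
    except ValueError as e:
        return 401, None, {"WWW-Authenticate": f'Bearer error="invalid_token", error_description="{e}"'}
    if REQUIRED_SCOPE not in claims.get("scope", "").split():
        return 403, None, {"WWW-Authenticate": f'Bearer error="insufficient_scope", scope="{REQUIRED_SCOPE}"'}
    forward_url = headers.get("X-CF-Forwarded-Url")
    if not forward_url:
        return 400, None, {}
    # Keep the router's proxy headers intact so it accepts the forwarded
    # request, and tell the application who the authenticated caller is.
    out = {k: headers[k] for k in PASSTHROUGH if k in headers}
    out["X-Authenticated-Subject"] = claims["sub"]  # hypothetical header name
    return 200, forward_url, out


if __name__ == "__main__":
    t = mint_token("svc-orders-ui", "orders.read", 300)
    print(gate_request({"Authorization": "Bearer " + t,
                        "X-CF-Forwarded-Url": "https://orders.example.internal/api/orders"}))
```

Two design points worth keeping in a real implementation: the gate pins the token algorithm rather than trusting the token’s `alg` header, and it answers 401/403 itself so an unauthenticated request never reaches the application. In production the token would normally be an RS256 JWT verified against the authorization server’s published keys, or checked by token introspection, rather than an HMAC shared secret.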

ForgeRock also recently announced new distributed identity microservices that enable organizations to colocate identity services on each cloud. This standards-based architecture can eliminate the need for all identity transactions to “phone home” to a centralized service, minimizing performance-sapping overhead and supporting massive scale.

Microservices architectures are gaining steam as organizations look to migrate monolithic, on-premises applications to the cloud to reduce complexity, improve agility, and create maximum scalability. As with any emerging technology approach, organizations must plan carefully to ensure that strong security is baked in. ForgeRock’s Service Broker helps organizations implement consistent access controls across microservices environments by extending their identity and access management platform to cloud-native apps.

