Modern cloud-native applications are composed of dozens of loosely coupled microservices, enabling developers to create complex applications with great ease and speed. This type of architecture constantly changes based on customer needs, and the decoupled nature of microservices enables developers to push new code and functionality frequently. The connectivity and communications among microservices are via application programming interfaces (APIs) such as REST, gRPC, and GraphQL.
In cloud-native applications, a single client’s web request (i.e., north-south traffic) that hits your Kubernetes® cluster can spawn tens or even hundreds of API calls between internal microservices (i.e., east-west traffic). It is never enough to only secure the frontend web interface of your cloud-native application—you must also apply rigorous application-layer protection for your cloud-native APIs.