Serverless Security
Securing Serverless Architectures: Challenges and Solutions
What is serverless?
Serverless is a cloud-native development and deployment model that abstracts underlying servers and other infrastructure. Without having to concern themselves with lower-level compute resources (including versioning, provisioning, patching, upgrades, etc.), developers can build applications more quickly with fewer lines of code. In addition, serverless platforms available from large public cloud providers feature automatic scaling, built-in high availability, and a pay-for-use billing model that is very appealing compared with other cloud-based or on-premises cost models.
Defining some of the key terms further:
Cloud-native
Cloud-native technologies enable organizations to build and run scalable applications in modern environments, including dynamic environments such as private, public and hybrid clouds.
Common elements of cloud-native computing include containers, microservices, serverless functions, declarative APIs and what’s known as immutable infrastructure — i.e., infrastructure that includes servers that aren’t modified after being deployed but are, rather, rebuilt from a common image.
What results is a loosely coupled, resilient, manageable and observable system that, if robustly automated, enables engineers to frequently make impactful changes with little effort.
In large part, serverless is about culture and how to reshape teams to utilize flexible computing for speed and agility. With serverless, complex applications can be broken down into bite-sized pieces, gaining automation and efficiency.
Serverless
Serverless covers key technologies that support cloud-native and DevOps techniques. Some common capabilities include:
- Functions-as-a-Service (FaaS)
- Containers (Kubernetes, Docker)
- Infrastructure-as-Code (IaC)
- Platform as a Service (PaaS)
AWS Lambda
Released in November 2014, AWS Lambda was the first serverless FaaS offering by a public cloud provider. Node.js and Python are leading languages used by developers to write single-purpose, event-driven functions that get executed by the AWS Lambda service.
Microsoft Azure Functions, Google Cloud Functions, and IBM Cloud Functions are other examples of FaaS offerings.
Microsoft Azure Functions
Microsoft introduced Azure Functions in March 2016. This is the Functions as a Service (FaaS) environment for Microsoft Azure, Microsoft’s cloud computing platform. The initial release enabled developers to implement events in a variety of languages (JavaScript, C#, Python and PHP), as well as scripting options like Bash, Batch and PowerShell.
Contrast Serverless Application Security supports AWS Lambda and Microsoft Azure Functions, and enables customers to scan for security vulnerabilities in multi-cloud environments.
What is serverless security?
Serverless security is the layer of protection added to applications to secure the code functions they run on cloud providers' platforms, giving developers control over the compliance and security posture of the applications they are developing.
Serverless applications face risks that include an increased attack surface, insecure configurations, and broken authentication.