This post originally appeared on The New Stack.
So you’ve decided to deploy serverless functions, and you need to know how to keep them secure. If you’re in that boat, this article’s for you. Keep reading for tips on serverless security best practices.
The Pros and Cons of Serverless Security
In some respects, serverless microservices are inherently more secure than other types of production software. That is true chiefly because a serverless environment removes a number of components that you need to maintain in traditional software environments. There is no operating system (well, there is, but it runs in the background and is pretty strictly isolated from your functions), there is no network interface for you to worry about, and so on.
All of this means that there are fewer potential attack vectors for the bad guys to exploit, and for you to have to secure.
At the same time, however, serverless computing creates new security challenges that you wouldn’t face with more traditional cloud-based deployments, like virtual servers. They include:
- Visibility challenges. Monitoring your serverless functions is more difficult in some respects. Traditional monitoring tools often aren’t designed to support serverless microservices, and your ability to collect log data from serverless events is limited.
- Denial-of-Service attacks.These aren’t unique to serverless, but the outcome can be. If an attacker can find a way to execute a vast number of serverless events , they could not only disrupt legitimate services but also tack a very hefty fee onto your cloud-computing bill.
- Dependency on external resources. Many serverless workloads are designed in such a way that they rely heavily on external resources, such as databases or third-party libraries, in order to achieve their tasks. These dependencies create additional potential security risks, especially if you don’t understand them well
- Access control. Related to the previous point, striking the right balance for access control can be tricky for serverless functions. You need your functions to be able to access the external resources they rely on. At the same time, however, you need to avoid giving them access that they shouldn’t have. Granting the right level of access requires careful review of your functions’ needs and should be as minimal as possible. For example, if your function doesn’t need to talk to your database, make sure it’s on a separate virtual network.
Best Practices for Maximizing Serverless Security
Fortunately, all of the serverless security challenges listed above can be addressed. When you adjust your security strategy to accommodate serverless microservices, keep the following best practices in mind.
Write (Especially) Secure Code
Obviously, we all know that we should always strive to write secure code. And what “secure code” means can vary quite a bit depending on context and perspective. So being told to write secure code may seem silly to any IT professional.
When it comes to serverless, however, there are specific things that everyone should be doing to write secure code. One is ensuring that anything that your functions import is secure. Don’t rely on third-party libraries or functions if you can’t trust them. Another is breaking your sets of functions down as much as possible. Have each function do a specific thing, and nothing more. Use vulnerability management tools early in the development lifecycle to identify and fix problems before they ever make it to production.
Monitoring has value that every IT professional recognizes. Here again, though, there are some special points to make about monitoring serverless functions.
It can be easy to overlook serverless environments within your monitoring workflows because they are not always running, and the data available for you to collect from them is limited. That does not mean, however, that you get a pass on monitoring when it comes to serverless. You can and should take advantage of tools (both those provided by your cloud vendor, as well as third-party solutions) that enable performance and security monitoring for serverless.
Minimize Access Privileges by Default
From a security perspective, it’s safest to keep access privileges within your serverless environment to a minimum by default, and increase them manually where needed. It will require some work to get this right, and there is always a risk that a lack of permissions could negatively impact functionality. But the extra effort is well worth it if it means preventing someone from taking control of your serverless functions or the external resources that they can access.
One of the reasons why serverless functions, along with other new infrastructure technologies such as containers, have become so popular is that they make it easy to break complex applications into small, discrete parts. This ability can not only improve agility, but also security.
You want to be sure to take advantage of this feature to maximize serverless security. Each function that you write should contain the minimal amount of code, permissions and external dependencies necessary to achieve its goals. Anything else is just unnecessary potential for attacks.
Serverless functions can not only improve your infrastructure’s scalability and cost-efficiency, but also provide new opportunities for securing your workloads. That is only true, however, if you take steps to address the special security challenges that serverless functions create, such as complex access control configurations and limited native monitoring functionality.
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.