Serverless adoption is growing
According to The New Stack, over 75 percent of organizations are already using or planning to use serverless in the next 18 months.* From AWS Lambda to Google Cloud Functions to Microsoft Azure Functions and Knative, enterprises have more cloud provider options than ever before when integrating serverless into their application portfolio.
What is serverless?
Serverless computing provides a way to deploy snippets of code, also known as functions, that are triggered by predefined events. When serverless technology is deployed correctly, it can save money, time, and resources, all while allowing developers to focus on writing code rather than solving infrastructure issues. Developers don’t need to think about the underlying infrastructure, just their code and the corresponding business logic. Serverless lowers financial costs by scaling to zero: when applications aren’t running, they don’t consume computing resources.
Serverless allows enterprises to run snippets of code in the cloud.
Security concerns for serverless applications
Serverless computing removes a number of traditional application security concerns because those responsibilities are transferred to your cloud provider. At the same time, users are still responsible for running their code on these cloud platforms.
Visibility into and identification of vulnerabilities: Traditional vulnerability scanning and security tools often aren’t designed to support serverless microservices, making it difficult to assess vulnerabilities and risk posture of serverless functions. Infrastructure teams and security architects need tools that are purpose-built for this new cloud native computing paradigm.
Denial-of-Service attacks: If an attacker can find a way to execute a vast number of serverless events, they could not only disrupt legitimate services but also leverage your cloud computing resources.
Dependencies on external resources: Many serverless workloads are designed in such a way that they rely heavily on external resources, such as databases or third-party libraries. These dependencies create additional potential security risks, especially if teams don’t understand them well.
Access control risks: Striking the right balance for access control can be a challenge for serverless functions. Developers need functions to access the external resources they rely on, but they also need to avoid giving functions access that they shouldn’t have. Granting the right level of access requires careful review of each function’s needs, and the access granted should be as minimal as possible. For example, if your function doesn’t need to talk to your database, make sure it’s on a separate virtual network.
Continual function inventory and compliance: As developers continue to deploy functions, security teams may be challenged in identifying all the functions running and how they impact their organization’s compliance goals and overall security posture. Tools that can quickly and continually identify serverless repos and running functions provide value to today’s enterprises.