Serverless platforms enable developers to develop and deploy faster, allowing an easy way to move to Cloud-native services without managing infrastructures like container clusters or virtual machines. As businesses work to bring technology value to market faster, serverless platforms are gaining adoption with developers.
Like any solution, Serverless brings with it a variety of cyber risks. This paper covers security for serverless applications, focusing on best practices and recommendations. It offers an extensive overview of the different threats focusing more on the Application Owner risks that Serverless platforms are exposed to and suggest the appropriate security controls.
From a deployment perspective, organizations adopting serverless architectures can focus on core product functionality without being bothered by managing and controlling the platform or the compute resources with their respective load balancing, monitoring, availability, redundancy, and security aspects. Serverless solutions are inherently scalable and offer an abundance of optimized compute resources for the “Pay as you go” paradigm.
Further, from a software development perspective, organizations adopting serverless architectures are offered deployment models under which the organization is no longer required to manage and control the underlying operating system, application server, or software runtime environment. As a result, such organizations can deploy services with less time to market and lower their overall operational costs.
This paper›s recommendations and best practices were developed through extensive collaboration among a diverse group with extensive knowledge and practical experience in information security, cloud operations, application containers, and microservices. The information is intended for a wide variety of audiences who may have some responsibility in Serverless environments.
