DEV Community

loading...
Cover image for Serverless Computing: Security And Challenges

Serverless Computing: Security And Challenges

Febna V M
A cyber security enthusiast
・2 min read

Serverless computing has been on the rise for the past few years. Serverless computing is a new economic model to cloud computing that has proven popular and has emerged to be a boon to many companies.

Types Of Serverless Infrastructures

Serverless architectures are cloud-based and service-based. This means that, instead of provisioning and managing their own servers, organizations buy cloud computing services such as the following:

  • Software as a Service, or SaaS, delivers centrally hosted and managed software on-demand to end-users over the internet (e.g, Slack, Jira, Salesforce, HubSpot, etc).

  • Infrastructure as a Service, or IaaS, delivers resources such as networks, data storage, and computers which must be managed by the end-users and offers essential compute, storage and networking resources on-demand, on a pay-as-you-go basis.

  • Platform as a Service, or PaaS, builds on IaaS by allowing users to deploy and run applications on managed platforms. Deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications.

  • Function as a Service, or FaaS, is a specialized type of PaaS that allows users to develop, manage, and run application functions on managed platforms (e.g, AWS Lambda) without the complexity of building and maintaining the infrastructure.

How Does A Serverless Environment Reduce The Attack Surface?

The greatest advantage of serverless computing is that enterprises can build back-end applications without being directly involved in maintaining and securing servers. Maintaining and patching up the security loopholes is assigned to the cloud provider.

Let’s take a look at some of the major responsibilities of the cloud provider:

  • Patching the infrastructure periodically.
  • Securely configuring the infrastructure with the proper security settings to protect itself.
  • Setting up the proper account management for the infrastructure.
  • Ensure that it only uses currently supported operating systems and software runtimes.
  • Responsible for keeping the software runtime up-to-date and configuring it securely.
  • Securely configuring the database and network connectivity.

Serverless Security Risks & Challenges

However, like any other existing technology, it’s not immune to risks and threats. Some of the security risks faced by serverless computing includes:

  1. Insecure Configuration
  2. Overprivileged Function Permissions
  3. Event-Data Injection
  4. Inadequate Function Monitoring And Logging
  5. Improper Exception Handling And Verbose Error Messages
  6. Insecure Third-Party Dependencies

Read more on the security and challenges of serverless computing and the best practices for enhancing security in serverless applications here

Discussion (0)