According to a 2018 survey from The New Stack, over 75% of organizations are using or plan to use serverless in the next 18 months. From AWS Lambda to Google Cloud Functions to Microsoft Azure Functions, enterprises have more cloud provider options than ever before to choose from when integrating serverless into their application portfolio.
Serverless computing provides a way to deploy single functions which are activated only when a specific trigger is called. When serverless technology is deployed correctly, it can save money, time, and resources—all while allowing developers to focus on writing code rather than solving infrastructure issues.
At the same time, serverless does not come without risks. In this talk, Twistlock Principal Solutions Architect Kevin Lewis and Twistlock Product Marketing Lead Keith Mokris will discuss key components of serverless architecture and potential risks organizations need to be aware of, such as:
Visibility and monitoring challenges: Monitoring serverless functions is more difficult in some respects. Traditional monitoring tools often aren’t designed to support serverless microservices, and your ability to collect log data from serverless events is limited.
Denial-of-Service attacks: If an attacker can find a way to execute a vast number of serverless events, they could not only disrupt legitimate services but also leverage your cloud computing resources. These dependencies create additional potential security risks, especially if teams don’t understand them well.
Dependencies on external resources: Many serverless workloads are designed in such a way that they rely heavily on external resources, such as databases or third-party libraries.
Access control risks: Striking the right balance for access control can a challenge for serverless functions. Developers need functions to access the external resources they rely on, developers need to avoid giving them access that they shouldn’t have.
This talk will also cover best practices for serverless security both as functions are built and at runtime.