Cloud Security Alliance Paper Offers Executive Management Guidance on Factors to Consider When Implementing Serverless Architectures
April 21, 2022

The Cloud Security Alliance (CSA) released its C-Level Guidance to Securing Serverless Architectures. Written by CSA’s Serverless Working Group, the paper provides CISOs, CIOs, security and risk management professionals, and others involved in administering and managing systems, with a high-level business overview of serverless computing and the accompanying risks and security concerns that come when implementing a secure serverless computing solution.
As businesses work to bring technology value to market faster, serverless platforms are gaining adoption with developers as they provide a more effective way to move to cloud-native services without managing infrastructures such as container clusters or virtual machines. In response to serverless architecture’s growing appeal, the paper examines the business benefits of serverless architectures – such as agility, cost, and speed to market – with a focus on serverless application security and industry-wide best practices and recommendations for implementation.
Despite the security challenges, when used properly, serverless capabilities can provide security benefits when compared to traditional applications, including stateless and ephemeral components, inherent data compartmentalization, and, in some cases, simplified patching.
“Serverless computing offers several business benefits over traditional cloud-based or server-centric infrastructure, however, as with any emerging technology, serverless brings with it a variety of unique cyber risks. The evolution of any technology is inevitably followed by the evolution of threat actors looking to exploit its vulnerabilities. It’s critical, therefore, that new technologies are adopted carefully and that proper diligence is undertaken,” said Aradhna Chetal, one of the paper’s co-authors and co-chair of the Serverless Working Group.
The report examines three critical security areas for serverless applications, namely threats that stem from actions taken by:
- application owners when setting up infrastructure to host an application
- application owners during the process of deploying their applications
- the entity providing the service and/or infrastructure to application owners
“Serverless adoption is bound to grow and become mainstream due to the ease of improved developer efficiencies and the reduced management of infrastructure and other dependencies. As the use of serverless computing increases, executives need to be aware of the opportunities and challenges inherent to these technologies,” said Vishwas Manral, one of the paper’s co-authors and co-chair of the Serverless Working Group.
The Serverless Working Group seeks to develop best practices to help organizations looking to run their business with a serverless business model. Individuals interested in becoming involved in future serverless research and initiatives are invited to join the working group.
Download C-Level Guidance to Securing Serverless Architectures now. Those looking to learn more about serverless computing are encouraged to read How to Design a Secure Serverless Architecture.