Cloud Computing Outlook Weekly Brief
Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Cloud Computing Outlook
While serverless computing is praised for its simple service-based approach, skeptics have their own complexity and security concerns. Here are a few ways how organizations can take proactive steps to secure serverless cloud computing
Fremont, CA: One of the newest and most complex cloud computing processes evolving these days is serverless computing. Cloud computing is expressed at its fundamental level with serverless computing, without any need for organizations to run on long-lived servers. Serverless computing is sometim
es referred to as Functions-as-a-Service and Event-Driven Computing too. With new technological advancements, serverless computing also brings new technology risks with it. While serverless computing is praised for its simple service-based approach, skeptics have their own complexity and security concerns. Some of the common threats associated with serverless computing are vendor security, multi-tenancy, encryption, injection attacks, and other component vulnerabilities. Here are a few ways how organizations can take proactive steps to secure serverless cloud computing.
Reduce Serverless Permissions
Functions that have more permissions than what they actually need, poses the greatest threat to serverless computing. Serverless computing makes it possible to reduce the attack surface considerably by implementing the least privilege model for all functions. The number of privileges can be reduced during the development phase for a function, with automated checks set up in staging environments. It is also possible to see which privilege a running function actually uses by profiling the function behavior. This helps an administrator to dial down the access only to the required privileges.
Consider Third-Party Security Tools
Though serverless platform providers integrate security controls, they are limited in scope. The integration focuses just on the platform on which the functions run. The providers must take into consideration the third party tools and technologies that give additional layers of control and visibility for serverless computing.
Enforce Authentication
Access control and authentication is required to limit the risk for all functions that call out to a service, be it internal to the same cloud provider or not. Cloud providers also offer guidance on best practices for implementing serverless authentication; which administrators should follow.
Log Function Activity
As serverless functions are event-driven and stateless, focusing on a real-time activity will often miss majority of the activities. Cloud provider (or third party) logging and monitoring for serverless makes it possible to have an audit trail that can be useful when threat hunting is required.
See Also :- Top Cloud Communications Solution Companies
