What is Serverless Security?
Serverless is a cloud-native development and deployment model that abstracts underlying servers and other infrastructure. Without having to concern themselves with lower-level compute resources (including versioning, provisioning, patching, upgrades, etc.), developers can build applications more quickly with fewer lines of code. In addition, serverless platforms available from large public cloud providers feature automatic scaling, built-in high availability, and a pay-for-use billing model that is very appealing compared with other cloud-based or on-premises cost models.
Defining some of the key terms further:
Cloud-native technologies enable organizations to build and run scalable applications in modern environments, including dynamic environments such as private, public and hybrid clouds.
Common elements of cloud-native computing include containers, microservices, serverless functions, declarative APIs and what’s known as immutable infrastructure — i.e., infrastructure that includes servers that aren’t modified after being deployed but are, rather, rebuilt from a common image.
What results is a loosely coupled, resilient, manageable and observable system that, if robustly automated, enables engineers to frequently make impactful changes with little effort.
In large part, serverless is about culture and how to reshape teams to utilize flexible computing for speed and agility. With serverless, complex applications can be broken down into bite-sized pieces, gaining automation and efficiency.
These are key technologies that support cloud-native and DevOps techniques. Some common capabilities include:
- Functions-as-a-Service (FaaS)
- Containers (Kubernetes, Docker)
- Infrastructure-as-Code (IaC)
- Platform as a Service (PaaS)
Released in November 2014, AWS Lambda was the first serverless FaaS offering by a public cloud provider. Node.js and Python are leading languages used by developers to write single-purpose, event-driven functions that get executed by the AWS Lambda service.
Microsoft Azure Functions, Google Cloud Functions, and IBM Cloud Functions are other examples of FaaS offerings.
Microsoft Azure Functions
Contrast Serverless Application Security supports AWS Lambda and Microsoft Azure Functions, and enables customers to scan for security vulnerabilities on multi-cloud environments.