Security Implications of Serverless Computing in the Cloud

Abstract

The promise of easier development, scalability, and cost-effectiveness has made serverless computing quite popular in recent years. But this fundamental change in the architecture of cloud computing brings with it new security issues. The security implications of serverless computing are examined in this paper, along with potential threats, weaknesses, and solutions to improve the overall security posture in a serverless context.

Introduction

Serverless is an application delivery method where cloud providers automatically intercept user requests and computing events to dynamically allocate and scale compute resources, allowing you to run applications without having to provision, configure, manage, or maintain server infrastructure.

It makes use of the Function-as-a-Service (FaaS) concept, a type of service within public cloud, that frees developers from managing a large server infrastructure by enabling them to package and distribute their code easily. Developers construct logic that is deployed in containers that are fully managed by the cloud providers and then executed on demand using the event-driven computing execution architecture known as FaaS.

With serverless functions, the servers are separated from application development, and the cloud provider manages the provisioning, maintaining, and scaling of the server infrastructure in response to the code actions that are triggered. Serverless functions adapt to demand and scale up and down on their own. Serverless are frequently measured by demand using an event-driven execution strategy. Therefore, while a serverless function is not in use, it incurs no costs. An example of a serverless function is a program might wish to....

Read the rest of this story with a free account.

Continue with Facebook

Continue with Google

Continue with GitHub

Already have an account? Sign in