+44 20 3290 3020 [email protected]

Securing serverless computing, the latest cloud paradigm [Q&A]

The cloud-skills shortage has made security a major challenge for enterprises. In fact, virtually every data breach in the cloud today is due to human error, rather than brilliant hacking. Hackers don’t even bother launching attacks in the public cloud; they simply look for misconfigured systems that leave data exposed. Against this backdrop, a whole new cloud model is taking hold — serverless computing. In a world where cloud certifications and security skills are already in short supply and causing chaos in the cloud, what will serverless computing do to compound that problem for enterprises? Is it possible for organizations to avoid making the same mistakes with this new paradigm that they are making in traditional cloud environments? To shed some light on this issue, we spoke with Joe Vadakkan, cloud security leader at Optiv Security , the world’s largest security solutions integrator. BN: What is serverless computing? JV: Serverless computing, or Function-as-a-Service (FaaS), is a cloud computing model that enables developers to deploy and run individual code functions rather than having to deploy entire applications. Services such as AWS Lambda and Microsoft Azure Functions, which are rapidly growing in popularity, offer FaaS platforms that make serverless computing and true utility computing a reality by allowing developers to deploy code functions in the cloud, rather than entire applications, and only pay for the exact resource usage of those functions in a completely automated environment, rather than pre-paying for capacity to run entire applications that require human management. So, instead of deploying an application in a discrete virtual machine, developers deploy their application functionality directly onto a FaaS platform, and all the underlying traditional server capabilities (computes, memory, backup, storage, etc.) are abstracted out and taken care of by the cloud provider. This model provides a number of benefits to developers, including reduced security overhead, cost-savings, increased productivity and auto-scaling, which is why we’re seeing an uptick in adoption of this new cloud paradigm. BN: How is it different from traditional cloud computing? JV: Serverless computing is a type of cloud computing, but there are two major differences between the two models that are important to note. First, serverless computing automates security and database management tasks, such as patching, storage and backup, that, in a traditional cloud environment, end users are responsible for managing manually. The second major difference between the two computing models is in the division of responsibilities between the cloud provider and the application owner. In a traditional cloud environment, end users are responsible for securing operating systems, applications and data. With serverless computing, more of the responsibility for securing the underlying platform is offloaded to the cloud provider, so developers really only need to focus on securing the data and the code layer. BN: Organizations continue to face cloud security challenges, and now serverless computing is in the picture. What makes it difficult to secure these environments? JV: First, the good news. Because, in a serverless environment, the onus of securing the underlying infrastructure is delegated […]

Send this to a friend