As the cloud ecosystem has developed and expanded, so have the ways in which users utilize their services in line with their operational and financial requirements as they seek out new ways to maximize the flexibility of the cloud environment. One such example is in the growth of serverless computing, which has generally been shortened to simply “serverless” for those who use it.
This form of popular cloud computing is being adopted by many organizations who are seeking to be more nimble and cost-effective. However, as organizations begin or continue to integrate serverless into their operations, they will need to think more seriously about how they practice serverless security if they hope to use it responsibly.
What is Serverless?
Serverless is the natural progression of cloud computing wherein organizations make use of a cloud provider’s rackspace in order to scale up their computing power. Essentially, the idea is that not all functions for an application are needed all the time, so why should you have to pay rent for a server that isn’t being constantly used?
This makes sense when we think about it since we basically have a need for some of these services such as logic, databases, authentication, and others for short and specified activities like when a user makes a request to our web application. We are essentially using our serverless services for carrying out a range of functions, leading many to refer to serverless also as Function as a Service (FaaS), further adding to the (X)aaS alphabet soup. We invite you to kill a few minutes with your colleagues coming up with your own “X as a Service” combinations. C’mon, you know you want to. Alternatively, see how many you can name. (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Gabriel Avner. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/serverless-security-explained