Cloud 101CircleEventsBlog
The CCSK v5 and Security Guidance v5 are now available!

Download Publication

How to Design a Secure Serverless Architecture
How to Design a Secure Serverless Architecture
Who it's for:
  • Application Developers  
  • Security Professionals  
  • CISOs  
  • System and Security
    Administrators  
  • Information System Security 
    Officers

How to Design a Secure Serverless Architecture

Release Date: 10/23/2023

As businesses work to bring technology value to market faster, serverless computing is gaining adoption with developers. Serverless platforms enable developers to develop and deploy faster, allowing an easy way to move to cloud-native services without managing infrastructures like container clusters or virtual machines. However, like any solution, serverless computing brings with it a variety of cyber risks. 

This publication provides best practices and recommendations for securing serverless architectures. It offers an extensive overview of the different threats, focusing on the application owner risks that serverless platforms are exposed to and suggesting the appropriate security controls. This 2023 version provides an update to the original document published in 2021. The update includes new recommendations to secure workloads utilizing a serverless solution.

Key Takeaways: 
  • What is serverless
  • The advantages and benefits of serverless architectures
  • What is the shared responsibility model for serverless
  • Secure serverless design considerations, controls, and best practices
  • Kubernetes security best practices 
  • Compliance and governance best practices for serverless
Download this Resource

Bookmark
Share
Related resources
Enterprise Authority To Operate (EATO) Controls Framework
Enterprise Authority To Operate (EATO) Controls...
CCM v4.0 Implementation Guidelines
CCM v4.0 Implementation Guidelines
Cloud Controls Matrix and CAIQ v4
Cloud Controls Matrix and CAIQ v4
New Cloud Security Guidance from CSA
New Cloud Security Guidance from CSA
Published: 07/17/2024
Data Breach Accountability: Who’s to Blame?
Data Breach Accountability: Who’s to Blame?
Published: 07/16/2024
The Cybersecurity Tower of Babel Requires Focus on Business Fundamentals: Part 1
The Cybersecurity Tower of Babel Requires Focus on Business Fundame...
Published: 07/11/2024
How CSA Corporate Membership Enhances Your STAR Submission
How CSA Corporate Membership Enhances Your STAR Submission
Published: 07/09/2024

Acknowledgements

Akshay Mahajan
Akshay Mahajan
Senior Manager, Wayfair

Akshay Mahajan

Senior Manager, Wayfair

Rajat Dubey
Rajat Dubey
Cybersecurity Expert, Allianz Commercial

Rajat Dubey

Cybersecurity Expert, Allianz Commercial

Rajat is an accomplished cybersecurity expert with over 13 years of experience safeguarding critical systems and data for global enterprises. His expertise spans cyber risk assessment, compliance, threat modeling, incident response, Penetration testing, Ethical hacking, Digital Forensic, Cloud Security and emerging technologies (AI, Blockchain, IoT, Quantum computing) for enhanced security.

Read more

Aradhna Chetal
Aradhna Chetal
Senior Director Executive- Cloud Security

Aradhna Chetal

Senior Director Executive- Cloud Security

Aradhna serves as a Senior Director Executive- Cloud Security at TIAA, a financial services company. She is responsible for the cloud security vision, strategy, standards, security patterns for a multi-cloud hybrid enterprise and engineer security solutions, to support the vision. Aradhna has worked in various Cybersecurity leadership roles at JP Morgan Chase, Boeing Company, Microsoft & T-Mobile.

Aradhna is an active member in the cy...

Read more

Vishwas Manral
Vishwas Manral
Founder at Precize Inc & Fellow at Cloud Security Alliance

Vishwas Manral

Founder at Precize Inc & Fellow at Cloud Security Alliance

Vishwas is the Founder at Precize Inc, a stealth Cloud and AI security startup. Vishwas is also the co-chair of CSA’s Serverless Working Group and the Chair of Cloud Security Alliance in Silicon Valley. He was the head of Cloud Native security and Chief Technologist at McAfee Enterprise + FireEye. Vishwas joined McAfee Enterprise when his com...

Read more

Vani Murthy
Vani Murthy
Sr. Information Security Compliance Advisor, Akamai Technologies

Vani Murthy

Sr. Information Security Compliance Advisor, Akamai Technologies

Vani has 20+ years of IT experience in the areas such as Security, Risk, Compliance, Cloud services (IaaS/PaaS/SaaS) architecture

Read more

Ricardo Ferreira
Ricardo Ferreira
EMEA CISO

Ricardo Ferreira

EMEA CISO

John Wrobel Headshot Missing
John Wrobel

John Wrobel

Elisabeth Vasquez Headshot Missing
Elisabeth Vasquez

Elisabeth Vasquez

David Hadas Headshot Missing
David Hadas

David Hadas

Marina Bregkou
Marina Bregkou
Senior Research Analyst, CSA EMEA

Marina Bregkou

Senior Research Analyst, CSA EMEA

Wayne Anderson Headshot Missing
Wayne Anderson

Wayne Anderson

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training