Cloud 101CircleEventsBlog
CSA's Continuous Audit Metrics Working Group is expanding! Help shape the future of cloud assurance.

Download Publication

How to Design a Secure Serverless Architecture
How to Design a Secure Serverless Architecture
Who it's for:
  • Application Developers  
  • Security Professionals  
  • CISOs  
  • System and Security
    Administrators  
  • Information System Security 
    Officers

How to Design a Secure Serverless Architecture

Release Date: 10/23/2023

As businesses work to bring technology value to market faster, serverless computing is gaining adoption with developers. Serverless platforms enable developers to develop and deploy faster, allowing an easy way to move to cloud-native services without managing infrastructures like container clusters or virtual machines. However, like any solution, serverless computing brings with it a variety of cyber risks. 

This publication provides best practices and recommendations for securing serverless architectures. It offers an extensive overview of the different threats, focusing on the application owner risks that serverless platforms are exposed to and suggesting the appropriate security controls. This 2023 version provides an update to the original document published in 2021. The update includes new recommendations to secure workloads utilizing a serverless solution.

Key Takeaways: 
  • What is serverless
  • The advantages and benefits of serverless architectures
  • What is the shared responsibility model for serverless
  • Secure serverless design considerations, controls, and best practices
  • Kubernetes security best practices 
  • Compliance and governance best practices for serverless
Download this Resource

Bookmark
Share
Related resources
The Six Pillars of DevSecOps - Collaboration and Integration
The Six Pillars of DevSecOps - Collaboration an...
The State of Security Remediation 2024
The State of Security Remediation 2024
Key Management Lifecycle Best Practices
Key Management Lifecycle Best Practices
To Meet Bold Ambitions and Combat Mounting Threats, Australia Endorses Zero Trust
To Meet Bold Ambitions and Combat Mounting Threats, Australia Endor...
Published: 02/28/2024
The Hidden Certificates in Your Organization: How to Find Them
The Hidden Certificates in Your Organization: How to Find Them
Published: 02/26/2024
3 Critical Steps for Application Security Teams in 2024
3 Critical Steps for Application Security Teams in 2024
Published: 02/23/2024
Zero Trust Messaging Needs a Reboot
Zero Trust Messaging Needs a Reboot
Published: 02/16/2024

Acknowledgements

Rajat Dubey
Rajat Dubey
Cybersecurity Expert, Allianz Commercial

Rajat Dubey

Cybersecurity Expert, Allianz Commercial

Rajat is an accomplished cybersecurity expert with over 13 years of experience safeguarding critical systems and data for global enterprises. His expertise spans cyber risk assessment, compliance, threat modeling, incident response, Penetration testing, Ethical hacking, Digital Forensic, Cloud Security and emerging technologies (AI, Blockchain, IoT, Quantum computing) for enhanced security.

Read more

Aradhna Chetal
Aradhna Chetal
Senior Director Executive- Cloud Security

Aradhna Chetal

Senior Director Executive- Cloud Security

Aradhna serves as a Senior Director Executive- Cloud Security at TIAA, a financial services company. She is responsible for the cloud security vision, strategy, standards, security patterns for a multi-cloud hybrid enterprise and engineer security solutions, to support the vision. Aradhna has worked in various Cybersecurity leadership roles at JP Morgan Chase, Boeing Company, Microsoft & T-Mobile.

Aradhna is an active member in the cy...

Read more

Vishwas Manral
Vishwas Manral
Founder at Precize Inc & Fellow at Cloud Security Alliance

Vishwas Manral

Founder at Precize Inc & Fellow at Cloud Security Alliance

Vishwas is the Founder at Precize Inc, a stealth Cloud and AI security startup. Vishwas is also the co-chair of CSA’s Serverless Working Group and the Chair of Cloud Security Alliance in Silicon Valley. He was the head of Cloud Native security and Chief Technologist at McAfee Enterprise + FireEye. Vishwas joined McAfee Enterprise when his com...

Read more

Vani Murthy
Vani Murthy
Sr. Information Security Compliance Advisor, Akamai Technologies

Vani Murthy

Sr. Information Security Compliance Advisor, Akamai Technologies

Vani has 20+ years of IT experience in the areas such as Security, Risk, Compliance, Cloud services (IaaS/PaaS/SaaS) architecture

Read more

Ricardo Ferreira
Ricardo Ferreira
EMEA CISO

Ricardo Ferreira

EMEA CISO

This person does not have a biography listed with CSA.

John Wrobel Headshot Missing
John Wrobel

John Wrobel

This person does not have a biography listed with CSA.

Elisabeth Vasquez Headshot Missing
Elisabeth Vasquez

Elisabeth Vasquez

This person does not have a biography listed with CSA.

David Hadas Headshot Missing
David Hadas

David Hadas

This person does not have a biography listed with CSA.

Marina Bregkou
Marina Bregkou
Senior Research Analyst, CSA EMEA

Marina Bregkou

Senior Research Analyst, CSA EMEA

This person does not have a biography listed with CSA.

Wayne Anderson Headshot Missing
Wayne Anderson

Wayne Anderson

This person does not have a biography listed with CSA.

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training