Cloud 101CircleEventsBlog

Download Publication

How to Design a Secure Serverless Architecture
How to Design a Secure Serverless Architecture
Who it's for:
  • application developers  
  • security professionals  
  • CISOs  
  • system and security administrators  
  • information system security officers  

How to Design a Secure Serverless Architecture

Release Date: 09/14/2021

Working Group: Serverless

Like any solution, serverless computing brings with it a variety of cyber risks. This paper provides best practices and recommendations for securing serverless applications. It offers an extensive overview of the different threats, focusing on the application owner risks that serverless platforms are exposed to and suggesting the appropriate security controls.

The document assumes that the readers have some knowledge of coding practices, security and networking expertise, and application containers, microservices, functions, and agile application development.

Key Takeaways: 

  1. What is Serverless
  2. Advantages and benefits of serverless architecture
  3. Shared responsibility model for serverless
  4. Security design, controls and best practices
  5. Kubernetes security best practices 
  6. CI-CD pipelines, Function Code, Code scans and policy enforcement for Functions and Containers    
  7. Compliance and governance for serverless
Download this Resource

Prefer to access this resource without an account? Download it now.

Share
View translations
Related resources
An Agile Data Doctrine for a Secure Data Lake
An Agile Data Doctrine for a Secure Data Lake
C-Level Guidance to Securing Serverless Architectures
C-Level Guidance to Securing Serverless Archite...
Software-Defined Perimeter (SDP) Specification v2.0
Software-Defined Perimeter (SDP) Specification ...
Chaos in the Cloud: Rampant Cloud Activity Requires Modern Protection
Chaos in the Cloud: Rampant Cloud Activity Requires Modern Protection
Published: 05/17/2023
Shadow Data is Inevitable, but Security Risks Aren’t
Shadow Data is Inevitable, but Security Risks Aren’t
Published: 04/12/2023
The Future of Cloud
The Future of Cloud
Published: 03/24/2023
“Hi ChatGPT, please help Cybersecurity”
“Hi ChatGPT, please help Cybersecurity”
Published: 01/31/2023

Acknowledgements

Aradhna Chetal
Aradhna Chetal
Senior Director Executive- Cloud Security

Aradhna Chetal

Senior Director Executive- Cloud Security

Aradhna serves as a Senior Director Executive- Cloud Security at TIAA, a financial services company. She is responsible for the cloud security vision, strategy, standards, security patterns for a multi-cloud hybrid enterprise and engineer security solutions, to support the vision. Aradhna has worked in various Cybersecurity leadership roles at JP Morgan Chase, Boeing Company, Microsoft & T-Mobile.

Aradhna is an active member in the cy...

Read more

Vishwas Manral
Vishwas Manral
Chief Technologist at McAfee Enterprise, Head of Cloud Native Security

Vishwas Manral

Chief Technologist at McAfee Enterprise, Head of Cloud Native Security

Vishwas is the co-chair of CSA’s Serverless working group and a contributor to theApplication Containers and Microservices working group. He has served as a presenter at the CSA Virtual EU Summit 2020, and as chair of the Silicon Valley chapter. He is the head of Cl...

Read more

Madhav Chablani Headshot Missing
Madhav Chablani
Consulting CIO, TippingEdge Consulting

Madhav Chablani

Consulting CIO, TippingEdge Consulting

This person does not have a biography listed with CSA.

Peter Campbell
Peter Campbell
Senior Director Cloud Strategy and Engineering

Peter Campbell

Senior Director Cloud Strategy and Engineering

Cloud Security Engineering leader responsible for security engineering and security innovation. Enables new and untried technologies, runs proof of concepts, designs and engineers security configurations and enables the business to leverage new technology safely. Led the creation of Cigna’s security assurance framework which ensures that the security vision is consistently executed. Current research focuses on the domains of sec...

Read more

Vani Murthy
Vani Murthy
Sr. Information Security Compliance Advisor, Akamai Technologies

Vani Murthy

Sr. Information Security Compliance Advisor, Akamai Technologies

Vani has 20+ years of IT experience in the areas such as Security, Risk, Compliance, Cloud services (IaaS/PaaS/SaaS) architecture

Read more

Ricardo Ferreira
Ricardo Ferreira
EMEA CISO

Ricardo Ferreira

EMEA CISO

This person does not have a biography listed with CSA.

John Wrobel Headshot Missing
John Wrobel

John Wrobel

This person does not have a biography listed with CSA.

Shobhit Mehta Headshot Missing
Shobhit Mehta

Shobhit Mehta

This person does not have a biography listed with CSA.

John Kinsella Headshot Missing
John Kinsella

John Kinsella

This person does not have a biography listed with CSA.

Elisabeth Vasquez Headshot Missing
Elisabeth Vasquez

Elisabeth Vasquez

This person does not have a biography listed with CSA.

Brad Woodward Headshot Missing
Brad Woodward

Brad Woodward

This person does not have a biography listed with CSA.

David Hadas Headshot Missing
David Hadas

David Hadas

This person does not have a biography listed with CSA.

Akshay Mahajan Headshot Missing
Akshay Mahajan

Akshay Mahajan

This person does not have a biography listed with CSA.

Anil Karmel
Anil Karmel
Co-founder and CEO, RegScale

Anil Karmel

Co-founder and CEO, RegScale

Anil Karmel is the Co-Founder and CEO of RegScale, which helps organizations start and stay compliant via the world's first real-time GRC platform. Formerly, Anil served as the National Nuclear Security Administration's (NNSA) Deputy Chief Technology Officer. Karmel began his government career as a Technical Staff Member of Los Alamos National Laboratory (LANL) and was responsible for inventing their cloud and collaboration technologies Kar...

Read more

Alex Rebo Headshot Missing
Alex Rebo

Alex Rebo

This person does not have a biography listed with CSA.

Dr. Vrettos Moulos
Dr. Vrettos Moulos

Dr. Vrettos Moulos

Dr. Vrettos Moulos is a senior research software engineer in Institute of Communication and Computer Systems in Greece. He holds a PhD in secure microservice architecture patterns from the School of Electrical and Computer Engineering of the National Technical University of Athens (NTUA).

He has been a member, for more than 10 years, of software development teams creating mission critical applications (rule-based decision systems, sec...

Read more

Abhishek Vyas
Abhishek Vyas
Head of Security Consultancy and Architecture

Abhishek Vyas

Head of Security Consultancy and Architecture

I have been working in Cybersecurity for over 10 years, and have been working on large scale multi-cloud programs in the Software and Finance industries over that period. I deliver business value through robust, scalable, fit for business cybersecurity, by establishing new ways of working to help the business to innovate. Challenging the status quo to help remove inertia, and ensuring that cybersecurity remains relevant and mea...

Read more

Eric Matlock Headshot Missing
Eric Matlock

Eric Matlock

This person does not have a biography listed with CSA.

Raja Rajenderan Headshot Missing
Raja Rajenderan

Raja Rajenderan

This person does not have a biography listed with CSA.

Namrata Kulkarni
Namrata Kulkarni
Cyber Security Architect

Namrata Kulkarni

Cyber Security Architect

This person does not have a biography listed with CSA.

Marina Bregkou
Marina Bregkou
Senior Research Analyst, CSA EMEA

Marina Bregkou

Senior Research Analyst, CSA EMEA

This person does not have a biography listed with CSA.

Amit Bendor Headshot Missing
Amit Bendor

Amit Bendor

This person does not have a biography listed with CSA.

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?