
How to Design a Secure Serverless Architecture
Who it's for:
  • application developers  
  • security professionals  
  • CISOs  
  • system and security administrators  
  • information system security officers  

Release Date: 09/14/2021

Working Group: Serverless

Like any solution, serverless computing brings with it a variety of cyber risks. This paper provides best practices and recommendations for securing serverless applications. It offers an extensive overview of the different threats, focusing on the application owner risks that serverless platforms are exposed to and suggesting the appropriate security controls.

The document assumes that the readers have some knowledge of coding practices, security and networking expertise, and application containers, microservices, functions, and agile application development.

Key Takeaways: 

  1. What is Serverless
  2. Advantages and benefits of serverless architecture
  3. Shared responsibility model for serverless
  4. Security design, controls and best practices
  5. Kubernetes security best practices 
  6. CI-CD pipelines, Function Code, Code scans and policy enforcement for Functions and Containers    
  7. Compliance and governance for serverless


Acknowledgements

Aradhna Chetal
Senior Director Executive- Cloud Security

Aradhna serves as a Senior Director Executive- Cloud Security at TIAA, a financial services company. She is responsible for the cloud security vision, strategy, standards, and security patterns for a multi-cloud hybrid enterprise, and engineers security solutions to support the vision. Aradhna has worked in various Cybersecurity leadership roles at JP Morgan Chase, Boeing Company, Microsoft & T-Mobile.

Aradhna is an active member in the cy...

Vishwas Manral
Chief Technologist at McAfee Enterprise, Head of Cloud Native Security

Vishwas is the co-chair of CSA’s Serverless working group and a contributor to the Application Containers and Microservices working group. He has served as a presenter at the CSA Virtual EU Summit 2020, and as chair of the Silicon Valley chapter. He is the head of Cl...

Madhav Chablani

Peter Campbell
Director - Global Security Engineering - Cigna

Cloud Security Engineering leader responsible for security engineering and security innovation. Enables new and untried technologies, runs proof of concepts, designs and engineers security configurations and enables the business to leverage new technology safely. Led the creation of Cigna’s security assurance framework which ensures that the security vision is consistently executed. Current research focuses on the domains of sec...

Vani Murthy
Senior advisor Security & Compliance at Akamai Technologies

Vani has 20+ years of IT experience in areas such as Security, Risk, Compliance, Cloud services (IaaS/PaaS/SaaS) architecture

Ricardo Ferreira
EMEA CISO

John Wrobel

Shobhit Mehta

John Kinsella

Elisabeth Vasquez

Brad Woodward

David Hadas

Akshay Mahajan

Anil Karmel
Co-founder and CEO of C2 Labs

Anil is co-chair of the CSA Application Containers and Microservices working group and has led the development of multiple research artifacts, building off the work started in the NIST Cloud Security working group. He is president of the CSA DC Metro Area Chapter, which he has transformed from a dormant chapter into one of North America’s most a...

Alex Rebo

Dr. Vrettos Moulos

Dr. Vrettos Moulos is a senior research software engineer at the Institute of Communication and Computer Systems in Greece. He holds a PhD in secure microservice architecture patterns from the School of Electrical and Computer Engineering of the National Technical University of Athens (NTUA).

He has been a member, for more than 10 years, of software development teams creating mission critical applications (rule-based decision systems, sec...

Abhishek Vyas
Head of Security Consultancy and Architecture

I have been working in Cybersecurity for over 10 years, and have been working on large scale multi-cloud programs in the Software and Finance industries over that period. I deliver business value through robust, scalable, fit for business cybersecurity, by establishing new ways of working to help the business to innovate. Challenging the status quo to help remove inertia, and ensuring that cybersecurity remains relevant and mea...

Eric Matlock

Raja Rajenderan

Namrata Kulkarni

Marina Bregkou
Senior Research Analyst, CSA EMEA

Amit Bendor
