Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Train my entire team
Get Involved
Become an Instructor
Become a Training Partner
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Train my entire team
Get Involved
Become an Instructor
Become a Training Partner
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Cloud 101
Circle
Events
Blog
Sign In

Research Topic

Serverless

Latest ResearchWorking Group
How to Design a Secure Serverless Architecture
How to Design a Secure Serverless Architecture

Download

Research Topics
About Topic
Working Group
Discussion Community
Publications
Home
Research
Serverless
What is serverless?
Serverless computing is an execution model for the cloud. It gives users/developers the ability to build and run applications and services without thinking about servers. Applications are built faster, launched only as needed, and the management of the infrastructure is no longer required. Servers do continue to exist in serverless, but they are abstracted away from the application development procedure. The infrastructure is handled and maintained by the cloud provider, while developers simply package the deployment of their code in containers.

Why is it important?
Serverless brings quite some promising benefits for application developers. Because of automatic scalability, provisioning, and other such characteristics done by the cloud provider, that eliminate the infrastructure concerns from the developers’ focus, the deployment of applications becomes easy, faster and at a lower cost. This way, serverless architecture aims at changing the economic model of cloud computing.

If you are interested in learning how to better secure serverless applications, we recommend you start by reading these recommendations from CSA. 


ServerlessApplication Containers and MicroservicesDevSecOps

Discuss this topic in Circle

View discussion community

Participate

View the working group

Cloud Security Research for Serverless

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

How to Design a Secure Serverless Architecture

How to Design a Secure Serverless Architecture

Like any solution, serverless computing brings with it a variety of cyber risks. This paper covers security for serverless applications, focusing on best practices and recommendations. It offers an extensive overview of the different threats, focusing on the application owner risks that serverless platforms are exposed to and suggesting the appropriate security controls.

Request to download
The 12 Most Critical Risks for Serverless Applications

The 12 Most Critical Risks for Serverless Applications

As many organizations are still exploring serverless architectures or just taking their first steps in the serverless world, Cloud Security Alliance (CSA) believes this guide is critical for their success in building robust, secure and reliable applications. The 12 Most Critical Risks for Serverless Applications 2019 document is meant to serve as a security awareness and education guide. This report was curated and maintained by top industry practitioners and security researchers with vast experience in application security, cloud, and serverless architectures.

Download guidance for serverless
View All Research

Webinars

Hands-on in Supply Chain Security with SLSA, CIS Benchmark and other tools
Hands-on in Supply Chain Security with SLSA, CIS Benchmark a...

October 27 | Online

Learn more

How Does Your Cloud Security Compare, and Where Do You Go From Here?
How Does Your Cloud Security Compare, and Where Do You Go Fr...

October 25 | Online

Learn more

Automatically Prioritize Vulnerabilities Using Runtime Intelligence
Automatically Prioritize Vulnerabilities Using Runtime Intel...

July 19 | online

Learn more

Combating Ransomware 2.0: Beyond Backups
Combating Ransomware 2.0: Beyond Backups

June 28 | online

Learn more

View All Webinars

Blog Posts

Top Threat #9 to Cloud Computing: Misconfiguration and Exploitation of Serverless and Container Workloads
Read Now
Seamlessly Secure Your Cloud Workloads
Read Now
5 Business Benefits of Serverless
Read Now
View All Blog Posts