
Research Topic

Serverless

What is serverless?
Serverless computing is an execution model for the cloud. It gives users/developers the ability to build and run applications and services without thinking about servers. Applications are built faster and launched only as needed, and managing the infrastructure is no longer required. Servers do continue to exist in serverless, but they are abstracted away from the application development process. The infrastructure is handled and maintained by the cloud provider, while developers simply package their code in containers for deployment.

Why is it important?
Serverless brings several promising benefits for application developers. Because the cloud provider handles automatic scaling, provisioning, and similar tasks, infrastructure concerns are removed from the developers' focus, and deploying applications becomes easier, faster, and cheaper. In this way, serverless architecture aims to change the economic model of cloud computing.

If you are interested in learning how to better secure serverless applications, we recommend you start by reading these recommendations from CSA. 



Discuss this topic in Circle

Have an interesting article or video on this topic that you want to share? Anyone can join the discussion community for this topic to share ideas or ask questions.


Participate in Serverless Research

The Serverless working group seeks to develop best practices to help organizations that want to run their business with a serverless business model. With the complexity of this business model, it is imperative that industry best practices are established to provide companies with guidelines to achieve compliance and security.


Cloud Security Research for Serverless

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

How to Design a Secure Serverless Architecture


Like any solution, serverless computing brings with it a variety of cyber risks. This paper covers security for serverless applications, focusing on best practices and recommendations. It offers an extensive overview of the different threats, focusing on the application owner risks that serverless platforms are exposed to and suggesting the appropriate security controls.

The 12 Most Critical Risks for Serverless Applications


As many organizations are still exploring serverless architectures or just taking their first steps in the serverless world, Cloud Security Alliance (CSA) believes this guide is critical for their success in building robust, secure and reliable applications. The 12 Most Critical Risks for Serverless Applications 2019 document is meant to serve as a security awareness and education guide. This report was curated and maintained by top industry practitioners and security researchers with vast experience in application security, cloud, and serverless architectures.

Webinars

Is the security team the bottleneck to remediation?

June 20 | online


The Missing Story with Every Cloud Breach — and What You Need to Know and Do

April 28 | Online


Avoid the top threats facing your data repositories with GitOps: Security as Code

April 26 | Online


Turn Alert Fatigue into Meaningful Risks with Cyber Asset Relationship Graphs

February 22 | Online


Blog Posts

How to Architect for Sustainability in a Cloud Native Environment
What is Serverless? How Does it Impact Security?
Kubernetes Security Best Practices