Serverless functions have become popular for deploying applications because they simplify IT operations. However, they also pose security challenges and risks. This article discusses the main security risks that affect serverless functions and provides three key principles for managing those risks.
The first principle is to reserve serverless functions for workloads whose security control and observability requirements are not difficult to meet on a serverless platform. The second principle is to take a minimalist approach to serverless computing by reducing the code inside each function to the bare minimum. The third principle is to isolate each function to the extent possible by applying a “zero trust” approach to function configuration and by managing function execution through an external control plane rather than relying on the logic that is baked into individual functions.
For more tips on securing serverless functions, check out the free “Serverless Technology Trends Report 2022,” developed by Techstrong Research in conjunction with Orca Security.
Source: The New Stack