No magic bullet here - Serverless computing forces software architects and developers to approach security the way it should've been approached early on — by building security in rather than bolting it on
What are the issues?
- Increased attack surface
- Attack surface complexity
- Overall system complexity
- Inadequate security testing
- Traditional security protections become unsuitable
This last point mandates a drastic paradigm shift in application security for serverless architectures. By definition, in a serverless architecture you only control your application's code, and that's pretty much the only thing you own. This means that if you need to protect your own serverless code, your only option is to make sure that you write secure code and that you bake security into your application
https://www.darkreading.com/cloud/serverless-architectures-a-paradigm-shift-in-application-security/a/d-id/1331418
No comments:
Post a Comment