A traditional server architecture typically has a tiered application with a web server in front. This allows security controls to be installed in front of the web server, where data can be inspected as it goes in and out. This effectively supports data security and visibility capabilities while protecting the application. But in a serverless architecture, there is no way to install security controls in front of the application.
Now you might ask, “Why do I need to worry about security if I don’t maintain the servers?” While a serverless architecture reduces updating and maintenance burdens, it doesn’t protect the application against injection attacks, data serialization attacks, sensitive data exposure, or vulnerabilities in third-party libraries, frameworks and other software modules. It’s the responsibility of the application builder to protect against these and other forms of attack.
This is where ShieldX helps. It is our mission to reshape security architecture in a way that meets the modern demands of enterprises. In the serverless era, we help customers fundamentally reimagine security. And in doing so, we help them take full advantage of the value of event-driven architectures. Our customers protect applications using an architecture that provides a comprehensive approach and combines standard technologies with new and unique ones.
APPLICATION IS THE SECURITY BOUNDARY
The most effective way to protect an application is to enforce a combination of dynamic and static rules. We model security by using application elements and connectivity patterns. Then we tie together all the application security services using continuous learning and behavioral patterns to automatically construct and recommend policies.
What hurdles must security in a serverless architecture overcome?
- Continuous discovery of applications and their elements, functions and dependencies
- Technology to analyze software functions that are polyglot programs written in multiple languages
- References to code sections that contain vulnerabilities, and a recommendation engine to remove them by making changes to the code
- Verification of the integrity of executing code throughout the runtime lifecycle
- Visualization of application elements in an application graph, along with connectivity patterns and whether or not each connection has been secured
- Membership rules that determine what environment the application gets assigned to dynamically
ShieldX brings all application-related security services into a single view using the concept of provider notion integration. We help users remediate vulnerabilities with cutting-edge analysis technologies as well as capabilities that verify the integrity of application software and manage the complete security lifecycle of dynamic, interactive application architectures. The notion of serverless architecture favors our architectural philosophy, and ShieldX is fundamentally changing the way traditional security appliances do security.

Tags: FaaS, serverless architecture, serverless security