Serverless architecture, also known as Function as a Service (FaaS), presents new challenges for securing applications built on it. FaaS is an event-driven architecture in which a small piece of code is executed in response to an API call or a message. Various cloud vendors support multi-language FaaS (Java, JavaScript, Python, C#, etc.) to make it very easy for developers to adopt. FaaS is also attractive for economic and maintenance reasons: cost is based on execution time, and users don't have to worry about the regular maintenance of web servers or shared resources. But the architecture introduces challenges in terms of how and where to enforce security controls.


A traditional server architecture typically has a tiered application with a web server in front. This allows security controls to be installed in front of the web server, where data can be inspected as it goes in and out. That placement effectively supports data security and visibility capabilities while protecting the application. In a serverless architecture, however, there is no place to install security controls in front of the application.

Now you might ask, "Why do I need to worry about security if I don't maintain the servers?" While the serverless architecture reduces the update and maintenance burden, it doesn't protect the application against injection attacks, deserialization attacks, sensitive data exposure, or vulnerabilities in third-party libraries, frameworks and other software modules. It's the responsibility of the application builder to protect against these and other forms of attack.
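Because nothing sits in front of a function, the input validation that a web-server-tier control would normally perform has to live inside the handler itself. The following added example (not ShieldX code, nor any cloud vendor's) contrasts a handler that trusts its event body with one that validates the body and uses a parameterized query. The handler signature `handler(event, context)` and the `{"statusCode", "body"}` response shape are assumptions modelled on common HTTP-triggered FaaS conventions; the in-memory SQLite table and the sample events are constructed for the demonstration.

```python
"""Added example: enforcing input validation at the function boundary.
Not code from the original post; the handler shape is an assumption."""
import json
import re
import sqlite3

# Constructed in-memory store standing in for the function's backing database.
# Opened at module load so it is reused across invocations, as FaaS runtimes
# typically reuse a warm execution environment.
_DB = sqlite3.connect(":memory:", check_same_thread=False)
_DB.executescript(
    """
    CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT);
    INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'reader');
    """
)

# Allow-list for the only field this function accepts.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def _response(status, payload):
    """Build the assumed HTTP-style FaaS response object."""
    return {"statusCode": status, "body": json.dumps(payload)}


def vulnerable_handler(event, context=None):
    """Trusts the event body and builds SQL by string formatting.

    With no front-end control to filter the request, whatever the caller
    sends reaches the query unchanged.
    """
    body = json.loads(event.get("body") or "{}")
    username = body.get("username", "")
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    rows = _DB.execute(sql).fetchall()
    return _response(200, rows)


def hardened_handler(event, context=None):
    """Same function with the control moved into the handler.

    1. Malformed JSON is rejected instead of raising inside the runtime.
    2. The username must match a strict allow-list.
    3. The query is parameterized, so the value is never parsed as SQL.
    """
    try:
        body = json.loads(event.get("body") or "{}")
    except json.JSONDecodeError:
        return _response(400, {"error": "invalid JSON"})
    username = body.get("username")
    if not isinstance(username, str) or not USERNAME_RE.match(username):
        return _response(400, {"error": "invalid username"})
    rows = _DB.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()
    return _response(200, rows)


def make_event(username):
    """Construct a sample event carrying a JSON body (test input)."""
    return {"body": json.dumps({"username": username})}


if __name__ == "__main__":
    print(hardened_handler(make_event("alice")))
    print(hardened_handler(make_event("' OR '1'='1")))
    print(vulnerable_handler(make_event("' OR '1'='1")))
```

The hardened handler returns only the requested row for a well-formed username and a 400 response for anything outside the allow-list, while the unvalidated version returns every row for the same malformed input. The allow-list regex is deliberately narrow; widen it only to what the function genuinely needs to accept.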

This is where ShieldX helps. It is our mission to reshape security architecture in a way that meets the modern demands of enterprises. In the serverless era, we help customers fundamentally reimagine security. And in doing so, we help them take full advantage of the value of event-driven architectures. Our customers protect applications using an architecture that provides a comprehensive approach and combines standard as well as new and unique technologies.


APPLICATION IS THE SECURITY BOUNDARY

The most effective way to protect an application is to enforce a combination of dynamic and static rules. We model security by using application elements and connectivity patterns. Then we tie together all the application security services using continuous learning and behavioral patterns to automatically construct and recommend policies.


What hurdles must security in a serverless architecture overcome?

  • Continuous discovery of applications, their elements, functions and dependencies
  • Technology to analyze software functions that are polyglot programs written in multiple languages
  • References to code sections that contain vulnerabilities, and a recommendation engine to remove them by making changes to the code
  • Verification of the integrity of executing code throughout the runtime lifecycle
  • Visualization of application elements in an application graph, along with connectivity patterns and whether or not each connection has been secured
  • Membership rules that dynamically determine which environment the application gets assigned to

ShieldX brings all application-related security services into a single view using the concept of provider notion integration. We help users remediate vulnerabilities with cutting-edge analysis technologies, as well as capabilities that verify the integrity of application software and manage the complete security lifecycle of dynamic, interactive application architectures. The notion of serverless architecture favors our architectural philosophy, and ShieldX is fundamentally changing the way traditional security appliances do security.
