We’ve seen time and again how serverless architecture can benefit your application: graceful scaling, cost efficiency, and a fast production time are just some of the things you think of when talking about serverless. But what about serverless security? What do I need to do to ensure my application is not prone to attacks?
“It’s a bit like riding in an Uber vs. taking your own car. Sure, the drivers are probably more professional and perhaps better trained. And the flexibility of paying for a car only when you need it is great. At the same time, you don’t get to choose which safety features the car has or how many airbags you’ll have around you.”
From a developer's perspective, switching to serverless is a great move, as it allows developers to focus on the product itself. At the same time, the platform on which the code executes is run by the provider. What this means for security is that patches are applied on time, every time, which is one of the biggest “challenges” for traditional servers. There, the people responsible for the security updates either forget or just ignore said updates, leaving you and your data at great risk.
While the architecture has some clear advantages over its traditional counterpart, serverless has some security disadvantages. I’ll quickly go over a few, but you can read our Serverless Security article based on AWS Well-Architected Framework if you want to go into details.