Cloud Security Alliance Paper Offers Executive Management Guidance on Factors to Consider When Implementing Serverless Architectures

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released its C-Level Guidance to Securing Serverless Architectures. Written by CSA’s Serverless Working Group, the paper provides CISOs, CIOs, security and risk management professionals, and others involved in administering and managing systems with a high-level business overview of serverless computing and the accompanying risks and security concerns that arise when implementing a secure serverless computing solution.

As businesses work to bring technology value to market faster, serverless platforms are gaining adoption with developers as they provide a more effective way to move to cloud-native services without managing infrastructures such as container clusters or virtual machines. In response to serverless architecture’s growing appeal, the paper examines the business benefits of serverless architectures — such as agility, cost, and speed to market — with a focus on serverless application security and industry-wide best practices and recommendations for implementation.

Despite the security challenges, serverless capabilities, when used properly, can provide security benefits compared to traditional applications, including stateless and ephemeral components, inherent data compartmentalization, and, in some cases, simplified patching.

“Serverless computing offers several business benefits over traditional cloud-based or server-centric infrastructure; however, as with any emerging technology, serverless brings with it a variety of unique cyber risks. The evolution of any technology is inevitably followed by the evolution of threat actors looking to exploit its vulnerabilities. It's critical, therefore, that new technologies are adopted carefully and that proper diligence is undertaken,” said Aradhna Chetal, one of the paper’s co-authors and co-chair of the Serverless Working Group.

The report examines three critical security areas for serverless applications, namely threats that stem from actions taken by:

  1. application owners when setting up infrastructure to host an application
  2. application owners during the process of deploying their applications
  3. the entity providing the service and/or infrastructure to application owners

“Serverless adoption is bound to grow and become mainstream due to the ease of improved developer efficiencies and the reduced management of infrastructure and other dependencies. As the use of serverless computing increases, executives need to be aware of the opportunities and challenges inherent to these technologies,” said Vishwas Manral, one of the paper’s co-authors and co-chair of the Serverless Working Group.

The Serverless Working Group seeks to develop best practices to help organizations looking to run their business with a serverless business model. Individuals interested in becoming involved in future serverless research and initiatives are invited to join the working group.

Download C-Level Guidance to Securing Serverless Architectures now. Those looking to learn more about serverless computing are encouraged to read How to Design a Secure Serverless Architecture.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.