
Serverless Security: New Risks Require New Approaches

Itay Rozenman | GOTO Copenhagen 2021




Transcript

Serverless technology eliminates the need for development teams to provision servers, and it also results in some security threats being passed to the cloud provider. This frees up the developers to concentrate on building logic and producing value quickly. But cloud functions still execute code. If the software is written poorly, it can lead to a cloud disaster.

What new challenges do organisations now face? In many organisations, the application security team struggles to keep up with the speed of development in a serverless environment. Traditional testing tools not only provide very limited coverage, but also slow development cycles unacceptably. Serverless code contains a mixture of cloud configurations and application programming interfaces.

As a result, legacy solutions lack the context that is necessary in a serverless environment, and the consequence is a lack of observability and slower response times. Fortunately, it does not have to be this way. Organisations can leverage robust security during serverless development, automatically—if it is done properly.

Takeaways:

  • Understanding new security challenges
  • Live demo – through which attendees can understand the risks
  • Related materials and projects – attendees can leverage these projects to learn/train in attacking/securing serverless apps
  • Available solutions for defence and monitoring

About the speakers

Itay Rozenman

Senior director of engineering at Contrast Security
