CIO Influence
CIO Influence News Cloud Security

Cloud Security Alliance Paper Offers Executive Management Guidance on Factors to Consider When Implementing Serverless Architectures

Cloud Security Alliance Paper Offers Executive Management Guidance on Factors to Consider When Implementing Serverless Architectures
Report reviews risks, security concerns that accompany serverless architecture and offers industry-wide security best practices for adoption

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released its C-Level Guidance to Securing Serverless Architectures. Written by CSA’s Serverless Working Group, the paper provides CISOs, CIOs, security and risk management professionals, and others involved in administering and managing systems, with a high-level business overview of serverless computing and the accompanying risks and security concerns that come when implementing a secure serverless computing solution.

As businesses work to bring technology value to market faster, serverless platforms are gaining adoption with developers as they provide a more effective way to move to cloud-native services without managing infrastructures such as container clusters or virtual machines. In response to serverless architecture’s growing appeal, the paper examines the business benefits of serverless architectures — such as agility, cost, and speed to market — with a focus on serverless application security and industry-wide best practices and recommendations for implementation.

Top iTechnology Security News: ESG Study Reveals Granular and Air-Gapped Backup Are Key in Data Recovery After a Ransomware Attack

Despite the security challenges, when used properly, serverless capabilities can provide security benefits when compared to transitional applications, including stateless and ephemeral components, inherent data compartmentalization, and, in some cases, simplified patching.

“Serverless computing offers several business benefits over traditional cloud-based or server-centric infrastructure, however, as with any emerging technology, serverless brings with it a variety of unique cyber risks. The evolution of any technology is inevitably followed by the evolution of threat actors looking to exploit its vulnerabilities. It’s critical, therefore, that new technologies are adopted carefully and that proper diligence is undertaken,” said Aradhna Chetal, one of the paper’s co-authors and co-chair of the Serverless Working Group.

The report examines three critical security areas for serverless applications, namely threats that stem from actions taken by:

Top iTechnology Cloud News: Corent Tech’s SaaSOps Now Available on Microsoft AppSource

  1. application owners when setting up infrastructure to host an application
  2. application owners during the process of deploying their applications
  3. the entity providing the service and/or infrastructure to application owners

“Serverless adoption is bound to grow and become mainstream due to the ease of improved developer efficiencies and the reduced management of infrastructure and other dependencies. As the use of serverless computing increases, executives need to be aware of the opportunities and challenges inherent to these technologies,” said Vishwas Manral, one of the paper’s co-authors and co-chair of the Serverless Working Group.

The Serverless Working Group seeks to develop best practices to help organizations looking to run their business with a serverless business model. Individuals interested in becoming involved in future serverless research and initiatives are invited to join the working group.

Download C-Level Guidance to Securing Serverless Architectures now. Those looking to learn more about serverless computing are encouraged to read How to Design a Secure Serverless Architecture.

Top iTechnology IOT News: InfluxData Announces InfluxDB on the Road

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

How You Can Save Your Computer from Deceptor Apps

Bodgan Odulinski

Radware Launches New Cloud Security Center in the United Arab Emirates

CIO Influence News Desk

neutrality.one Connects Taeknizon’s Enterprise Locations to Datamena And Equinix Abu Dhabi with SDWAN

CIO Influence News Desk

Leave a Comment