Adopting and integrating serverless architecture into a product eliminates many of the costs surrounding deployment, but – it doesn’t eliminate security concerns, or the need for application security throughout the DevOps lifecycle. This page gathers resources about serverless security concerns and best practices.
Table of Contents:
Below we have compiled publicly available sources from around the world that present views on Serverless Security.
A serverless application requires slightly different security approach than a traditional one. It is more the securing functions. And, that’s why you need a specialized platform for comprehensive security protection. Explore the most popular serverless security platforms.
Many assume that serverless is more secure than traditional architectures. This is partly true. As the name implies, serverless architecture does not require server provisioning. Deep under the hood, however, these REST API functions are still running on a server, which in turn runs on an operating system and uses different layers of code to parse the API requests. As a result, the total attack surface becomes significantly larger.
Serverless Architecture — Serverless architecture is a software design pattern where applications are hosted by a third-party service, eliminating the need for server software and hardware management by the developer. This page gathers resources about the pros and cons of serverless architecture, it's advantages and drawbacks.
AWS Lambda — AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. This page gathers resources on AWS Lambda costs, use cases and tutorials.
Azure Functions — Azure Functions is a solution for easily running small pieces of code, or "functions," in the cloud. You can write just the code you need for the problem at hand, without worrying about a whole application or the infrastructure to run it. This page gathers resources about Azure Functions basics, comparison to AWS Lambda and more.
Google Cloud Functions — Google Cloud Functions is a lightweight, event-based, asynchronous compute solution that allows you to create small, single-purpose functions that respond to cloud events without the need to manage a server or a runtime environment. This page gathers resources about Cloud Functions pricing, tutorials, comparison to AWS Lambda and more.
Serverless Security — Adopting and integrating serverless architecture into a product eliminates many of the costs surrounding deployment, but – it doesn’t eliminate security concerns, or the need for application security throughout the DevOps lifecycle. This page gathers resources about serverless security concerns and best practices.
On-Premises Serverless Platforms — On-premises serverless architecture can be advantageous for organizations whose applications can benefit extensively from serverless functions, and that don't want to pay a cloud provider to host the serverless functions for them. This page gathers resources about on-premises serverless framework and their benefits.
Function as a Service - FaaS — FaaS is the concept of serverless computing via serverless architectures. Software developers can leverage this to deploy an individual “function”, action, or piece of business logic. This page gathers resources about. This page gathers resources about main providers of serverless platforms: AWS Lambda, Azure Functions and Google Cloud Functions.
Knative — Knative (pronounced kay-nay-tiv) extends Kubernetes to provide a set of middleware components that are essential to build modern, source-centric, and container-based applications that can run anywhere: on premises, in the cloud, or even in a third-party data center. This page gathers resources about the basics of Knative, including tutorials and official documentation.
Serverless vs Containers — Serverless and containers are often viewed as competing development technologies. But when integrated, they can be a powerful combination. This page gathers resources about all you need to know about serverless computing, how it compares to containers, and how it can figure into your IT strategy.