We talk a lot about how AWS Lambda Security and Microsoft Azure need a different security models, and it’s easy for these ideas to get mixed up. However, there are numerous compelling reasons for security professionals to push their enterprises toward serverless architectures rather than away from them.
Many think serverless frameworks bring new security problems that are hard to solve, especially by hand. However, the truth is that serverless frameworks bring many security benefits and big chances to make security better. Serverless security doesn’t have to be hard if it’s done right. There are new risks, and organizations should consider new techniques and automated solutions.
What is Serverless Computing?
Some call serverless computing “Functions-as-a-Service,” which might be a better name. Some vendors also call serverless computing “Event-Driven Computing.” With cloud computing, organizations no longer need their servers to run applications. Instead, cloud services provide virtual server computing instances.
In the serverless model, the service part is taken one step further, and the server itself is abstracted away. In a nutshell, with serverless, you don’t need a server or container that runs all the time, as you do with other cloud computing services. Instead, an event trigger runs a simple function that does a given task.
For example, instead of having an email service that runs all the time with a serverless email function, an email function could be triggered whenever an email needs to be sent.
Serverless is an idea that started with the AWS Lambda service and is now available on the Google Cloud Platform and Microsoft’s Azure public cloud (GCP). Several open-source options make serverless private cloud and Kubernetes docker container system deployments possible.
The Dangers of Serverless Computing
Serverless computing gives organizations a different, more agile way to deliver services, but it also has a different way of being deployed and managed, which could bring new risks. Organizations should think about the following risks that come with serverless computing:
- ⦁ Security at the provider level: Serverless functions run on a provider’s infrastructure that may or may not be secure.
- Multi-tenancy: A serverless service’s functions often run on a public infrastructure that runs code for more than one customer. This could be a problem if sensitive data is involved.
- Injection attacks: Unexpected or unwanted content or data is put into the normal flow of an application. In the serverless model, an attack usually can come from an event that the serverless function calls to run.
- Encryption: Serverless features can often call databases and other privileged resources. If the connection isn’t encrypted, data could be leaked.
- Misconfigured security: A developer could put access keys, tokens, and passwords directly into a function to allow access to different resources.
- Permissions for functions: Most of the time, serverless functions get the same permissions as a server. On the other hand, a serverless function only needs the bare minimum of permissions to run, and giving too many permissions puts the function at risk.
- Component vulnerabilities: Functions often depend on a supply chain of third-party libraries and components. A known flaw in the component could be used to take advantage of the serverless function.
How to Handle Serverless Security
Managing security for serverless systems is all about putting the right controls and policies in place. Cloud server security policies may work well for virtual compute multiple servers in the cloud, but for serverless computing, there needs to be more control, granularity, and visibility.
Lessen Serverless Permissions
One of the most dangerous things about serverless computing is functions that have more permissions than they need. With serverless, you can make the attack surface much smaller by giving all deployed functions the least amount of permissions.
During the development phase of a function, automated checks can be set up in staging environments to reduce the number of privileges. By profiling how a function works, you can find out what privileges it is using while running. With this information, an administrator can turn down access so that only the necessary privileges are turned on.
All functions that call out to a service, whether part of the same cloud provider or not, need access control and verification to help limit risk. Administrators should follow cloud providers’ best practices to make serverless authentication work.
Use the cloud service provider’s controls.
Cloud service providers also have several built-in services that help users find mistakes. For example, those who use AWS Lambda can choose to use AWS Trusted Advisor.
Function Activity Log
Since serverless functions are driven by events and have no state, looking at real-time activity will often miss most of it. A cloud provider or a third party can do serverless logging and monitoring. This creates an audit trail that may be useful for threat hunting if and when it’s needed.
Watch Function Layers
There can be more than one layer to a function, which can call on different codes and libraries from outside the function. By keeping an eye on layers, an administrator may be able to spot attempts at injection and other bad behavior.
Think about third-party security tools
Even though serverless platforms often include some security controls, they usually only cover the platform where the functions run. Several third-party technologies and tools give serverless computing more layers of visibility and control.
Anything new and untested comes with risks, so you need to learn what works well for your organization to get in front of those risks. And security benefits like visibility as well as granularity are only benefits if you employ the right tools and set up the right workflows.
But once you do, you’ll find that the most secure apps in your organization are the ones you rethought with Lambda, API Gateway, and DynamoDb and secured with the right channels for serverless security.