What news from AWS re:Invent last week will have the most impact on you?
Amazon Q, an AI chatbot for explaining how AWS works.
Super-fast S3 Express storage.
New Graviton 4 processor instances.
Emily Freeman leaving AWS.
I don't use AWS, so none of this will affect me.
Cloud Native Ecosystem / Cloud Services / Containers / DevOps / Kubernetes / Open Source / Security / Serverless / Software Development

Assessing the Current State of Serverless Security

Jul 13th, 2017 2:00pm by
Featued image for: Assessing the Current State of Serverless Security

Security is almost always a leading pain point cited by users, and it doesn’t seem to really matter what environment or technology they’re being polled about. Anytime we’re moving into focusing on a new technology or ecosystem, security will always be one of those things that’s on top of the mind. But when it comes to serverless technologies, is the security perspective really any different than, say, lessons learn around microservices and cloud providers? Does the focus of the serverless community on a handful of centralized tools actually improve the prospects of early security, or does it only compound those problems?

In this episode of The New Stack Analysts podcast, we spoke about the state of serverless security with writer/analyst Mark Boyd, security company Snyk’s CEO Guy Podjarny, and Paul Johnston, founder of Roundabout Labs. In our discussion at ServerlessConf Austin, we talked about both the tools used to secure serverless environments, and the methodologies used to provide inherent, consistently secure approaches.

The panel agreed that there are many classic security questions which remain the same, especially in regards to best practices from cloud providers, but there are still new security threats dealing with the pace at which serverless allows teams to experiment. We talked about how serverless moves the security concern from the infrastructure level to high-level targets, such as application security, data security, and network security. Finally, we also discussed how the state of serverless security will change as serverless sees greater adoption.

#141: Assessing The State Of Serverless Security


3:12: The concerns and focuses for serverless security.
6:15: What is different about serverless architectures that make security important?
17:20: Logging at scale with serverless technology.
22:11: Best practices for working with serverless technology.
27:21: Serverless as a way to do continuous experimentation.
32:55: Tooling in the serverless ecosystem.

Group Created with Sketch.
TNS owner Insight Partners is an investor in: The New Stack.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.