Serverless Applications – Vulnerable to Cyber Attacks
What is Serverless Architecture?
Software that is built and deployed without the use of virtual or in-house physical servers uses Function-as-a-Service (FaaS), which is based on serverless architecture.
This kind of architecture has gained popularity because of inherent features such as scalability and compatibility with cloud services like Azure Functions, AWS Lambda and Google Cloud Functions. But on the other hand, they are immune to many security issues that impact the traditional server-based systems companies are using nowadays.
Why should we consider a serverless architecture? There are some advantages:
- Reduced total operational costs: We can spend less time managing and maintaining the infrastructure of our applications.
- Reduced overall development costs: A serverless application's backend is maintained and handled by third-party service providers.
- Cost effective: We only have to pay for the computing power that we need.
- Less effort/coding: Running a serverless architecture requires very little coding, and deploying applications becomes easy.
The following are the security risks in serverless architecture:
- Function event data injection: Serverless functions are triggered by events such as NoSQL database events, code changes, message queue events and signals. These event sources increase the potential for attacks on the architecture and introduce complexity when attempting to protect serverless functions against various injections.
- Broken authentication: Applications built using serverless architecture often contain hundreds of serverless functions, each having a specific purpose. These functions connect together to form the system logic, but some of them may act as a gateway to public APIs, which leads to broken authentication and unauthorized access.
- Insecure third-party dependencies: When a serverless architecture uses functions from third-party software such as open-source packages or libraries, the chance of a vulnerability increases, and such a vulnerability can be used to exploit the whole architecture.
- DDoS attacks, resources stretched to the limit: Because there are many limits, such as memory allocation, function duration and execution time, distributed denial-of-service (DDoS) attacks pose a major risk to serverless architecture. Default limits and poor configuration of servers can lead to successful DDoS attacks on servers.
“Serverless applications can invite cyber-attacks in servers”
- Breach of information: The information of clients and customers is always at risk of breach when applications are built using serverless architecture. Because the data is stored in the cloud and not on the device, hackers can gain control over the information, which can then easily be stolen.
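To make the "Function event data injection" item above concrete, here is an added example (not code from the original article) of a queue-triggered function that validates every record against an allow-list schema before any value reaches a database or another function. The field names, patterns and sample event are assumptions constructed for illustration; the `Records`/`body`/`messageId` layout is modelled on a typical message-queue trigger.

```python
import json
import re

# Hypothetical schema for an "order" message: field name -> allowed pattern.
SCHEMA = {
    "order_id": re.compile(r"[A-Za-z0-9-]{1,36}"),
    "customer_id": re.compile(r"[0-9]{1,12}"),
}

def validate_body(raw):
    """Return the parsed body as a dict, or raise ValueError naming the problem."""
    try:
        body = json.loads(raw)
    except (TypeError, ValueError):
        raise ValueError("body is not valid JSON")
    if not isinstance(body, dict):
        raise ValueError("body is not a JSON object")
    if set(body) != set(SCHEMA):
        raise ValueError("unexpected or missing fields")
    for field, pattern in SCHEMA.items():
        value = body[field]
        # Only plain strings pass: nested objects or lists never reach a query.
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise ValueError(f"invalid value for {field}")
    return body

def handler(event, context=None):
    """Queue-triggered entry point: validate every record before it is used."""
    accepted, rejected = [], []
    for record in event.get("Records", []):
        try:
            accepted.append(validate_body(record.get("body")))
        except ValueError as err:
            rejected.append({"id": record.get("messageId"), "reason": str(err)})
    # Only `accepted` would be handed to the database or downstream functions;
    # `rejected` is what a defender would log and alert on.
    return {"accepted": accepted, "rejected": rejected}

# Constructed sample event: one well-formed record and three malformed ones.
SAMPLE_EVENT = {"Records": [
    {"messageId": "m1", "body": '{"order_id": "A-1001", "customer_id": "42"}'},
    {"messageId": "m2", "body": '{"order_id": {"nested": "object"}, "customer_id": "42"}'},
    {"messageId": "m3", "body": '{"order_id": "A-1002", "customer_id": "42", "role": "x"}'},
    {"messageId": "m4", "body": "not json"},
]}

if __name__ == "__main__":
    print(json.dumps(handler(SAMPLE_EVENT), indent=2))
```

The same check applies to every event source a function is wired to, not only to HTTP requests, because queue messages and database events carry attacker-influenced data just as request bodies do.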
The “Big Three” cloud vendors that have invested in serverless architecture are: