CSO-Serverless apps are deployed over a cloud platform and are designed to use only the amount of computing resources needed to carry out a task. They come into play when needed, and then go away when the task completes. This is great if you’re looking to maximize performance and minimize overhead in a cloud environment. Because they are small, fast and have short lifespans, however, serverless apps pose challenges to security teams.
The cybersecurity industry is still trying to come to grips with containers, those small, easy-to-deploy, pre-built little bundles of applications. Since many containers can run in a single virtual machine, each isolated from the rest, they are cheaper and more flexible than previous application deployment options.
There’s a lack of serverless security expertise not just in enterprise development teams but in the industry in general, says Robert Huber, chief security and strategy officer at Eastwind Networks. “Very few cyber security professionals understand micro services and cloud computing from a technical level,” he says. “Even more troubling is that most organizations do not have dedicated cyber professionals with the necessary skills to reduce risk in these environments. Now comes serverless apps.”
There’s no solid information yet about all the cyber risks of the new technology, and support from security vendors is “nascent at best,” he says. As a result, companies should be cautious when calculating the ROI of moving to serverless.