How do developers keep their applications safe?
I’m assuming that if you’re reading this you are somewhat familiar with the concept of serverless computing; if not, have a look at my previous article to get up to speed. Security in cloud computing is obviously very important — but with major cloud providers investing hugely in security, it is the preparation of code before it is deployed which seems to matter more. According to Serverless.com’s blog post:
“Most server vulnerabilities are due to programmer error”
When a developer uses serverless architecture, it forces them to write well-thought-out code. If they don’t, this will create problems down the line. This can only be seen as a good thing for the security of future applications.
We’ve explored the benefits of cloud computing — someone else is managing your infrastructure which means maximum efficiency and makes room for innovation. However, after looking through forums and blogs that talk about the security element of serverless, it seems that some people try to make a problem where there isn’t one at all. Why is this? I think there is risk anywhere when working online, so the thought that your data will be safer on your own servers compared to a professional cloud provider’s servers, where they invest so much money in this area, doesn’t make a whole lot of sense to me. After this, I did some research on how software developers who utilize serverless technology can be mindful of security measures while preparing an application that will be deployed on a serverless platform.
Basically, it is as much the “customer’s” responsibility to build safe applications that will be deployed as it is the cloud provider’s to ensure safety within their cloud space.
I had a look around to educate myself on some security measures everyone should be aware of, and came across “The Top Ten most critical security risks in Serverless architectures”, a study by PureSec. It serves as a serverless security awareness and education guide, and in my personal opinion is a great no-nonsense best-practices guide to going serverless. I have put together a few key takeaways from this article:
- Validate your input
- Use a firewall
- Use built-in authentication
- Enable all the encryption methods you can
- Logging and monitoring
- Use proper exception handling
As you can see, the steps are fairly general and are the steps any person writing code and deploying it somewhere would need to consider. The only difference is that if these steps are followed correctly, the cloud provider’s job of keeping the company’s data secure on their servers will be a lot easier. If the servers were on premise, the company would need to deal with the server security on top of app development.
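Three of the takeaways above (validate your input, use proper exception handling, logging and monitoring) are shown together here in one function handler. This is an added example, not code from the PureSec guide or from this article; the AWS Lambda-style `handler(event, context)` signature, the `body` field and the `order_id`/`quantity` schema are assumptions made for illustration.

```python
import json
import logging
import re

logger = logging.getLogger("orders")
logger.setLevel(logging.INFO)
# Hypothetical schema for this example: order_id like "ORD-123456", quantity 1..100.
ORDER_ID_RE = re.compile(r"ORD-[0-9]{6}")
MAX_BODY_BYTES = 4096

class ValidationError(Exception):
    """Raised when the request does not match the expected schema."""

def parse_order(raw_body):
    """Validate the untrusted request body against an allow-list schema."""
    if not isinstance(raw_body, str) or len(raw_body.encode("utf-8")) > MAX_BODY_BYTES:
        raise ValidationError("body missing or too large")
    try:
        data = json.loads(raw_body)
    except json.JSONDecodeError:
        raise ValidationError("body is not valid JSON")
    if not isinstance(data, dict) or set(data) != {"order_id", "quantity"}:
        raise ValidationError("unexpected fields")
    order_id, quantity = data["order_id"], data["quantity"]
    if not isinstance(order_id, str) or not ORDER_ID_RE.fullmatch(order_id):
        raise ValidationError("bad order_id")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(quantity, bool) or not isinstance(quantity, int) or not 1 <= quantity <= 100:
        raise ValidationError("bad quantity")
    return order_id, quantity

def respond(status, payload):
    return {"statusCode": status, "body": json.dumps(payload)}

def handler(event, context):
    """Entry point; the event is assumed to carry the request body under "body"."""
    request_id = getattr(context, "aws_request_id", "unknown")
    try:
        order_id, quantity = parse_order(event.get("body"))
        logger.info("order accepted request_id=%s order_id=%s", request_id, order_id)
        return respond(200, {"order_id": order_id, "quantity": quantity})
    except ValidationError as exc:
        # Log the reason, never the raw input (it may hold secrets or forged log lines).
        logger.warning("rejected request_id=%s reason=%s", request_id, exc)
        return respond(400, {"error": "invalid request"})
    except Exception:
        # The full traceback goes to the log only; the caller gets a generic message.
        logger.exception("unhandled error request_id=%s", request_id)
        return respond(500, {"error": "internal error"})
```

The caller only ever sees a generic error body, while the log keeps the request ID and rejection reason needed for monitoring.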
To wrap it up
I feel it is extremely important to embrace this new “as-a-service” offering for developers and companies, as it will be those that do not embrace the future of cloud computing that will find themselves falling behind as those harnessing the power of servers maintained by a cloud provider speed ahead in areas like innovation and time to market. The consequence of falling behind in these areas will ultimately translate to loss of revenue.
So, to developers of the future — secure your applications and go serverless!