One of the main benefits of serverless is the ability to shift server administration- and platform management-related tasks to a third party, allowing for a greater focus on development and deployment. But this freedom can come at a price — relying on serverless also means, for example, giving more control to a third party. Many things for which you are at the mercy of the serverless provider include unexpected downtimes, fluctuating pricing, and ultimately, the inability to benefit from features tailored to your specific needs since you are likely one of thousands of customers. The control of underlying security parameters can also be an issue.
However, with the right tools, it is possible gain visibility and control of runtime security for your serverless data and applications. Ory Segal, CTO and co-founder of serverless security provider PureSec, was on hand to discuss how, during a podcast hosted earlier this month by Alex Williams, founder and editor-in-chief of The New Stack, earlier this year at ServerlessConf 2018.
The inherent issue with serverless is that customers do not own the runtime environment since “you are a guest,” Segal said. “Being able to sit there and monitor everything at a very low level..is challenging,” Segal said.
Watch on YouTube: https://youtu.be/70G1e1QpiX8