YoVDO

Doing Security in 100 Milliseconds - The Speed of Serverless Computing

Offered By: LASCON via YouTube

Tags

LASCON Courses Cloud Computing Courses System Administration Courses Serverless Computing Courses Integration Testing Courses

Course Description

Overview

Explore the security implications of serverless computing in this 46-minute LASCON conference talk. Dive into the challenges and opportunities presented by serverless architectures, including AWS Lambda, Azure Functions, and Google Cloud Functions. Learn how traditional security approaches must adapt to this new paradigm where processes run for milliseconds before being destroyed. Discover practical security strategies focusing on four key areas: software supply chain, delivery pipeline, data flow, and attack detection. Gain insights into serverless adoption patterns and witness a live demo of building and securing a complete serverless application. Whether you're a C-level executive or a developer, acquire valuable knowledge about serverless security principles and practices applicable to your role.

Syllabus

Intro
Serverless encourages functions as deploy units, coupled with third party services that allow running end-to-end applications without worrying about system operation. New serverless patterns are just emerging Security with serverless is easier Security with serverless is harder
MISCONCEPTIONS
IT'S MARKETING (CLOUD REBRANDED)
SERVERLESS == CLOUD
Serverless was first used to describe applications that significantly or fully depend on 3rd party applications / services ('in the cloud') to manage server-side logic and state.
SERVERLESS IS (NO MANAGEMENT OF) SERVERS
OPINIONATED FRAMEWORK FOR COMPUTE
PRIVATE CLOUD
THEN, ALONG CAME CONTAINERS
CONTAINERS ARE TEH HAWTNESS
SCALING BUILT IN
PAY FOR WHAT YOU USE IN 100MS INCREMENTS
WITH SERVERLESS SYSTEM ADMINISTRATION IS (MOSTLY) LOWER
LEAN STARTUP FRIENDLY
GREAT, WHAT'S THE CATCH?
OPS BURDEN TO RATIONALIZE SERVERLESS MODEL (SPECIFICALLY DEPLOY)
STATELESS FOR REAL NO MEMORY PERSISTENCE ACROSS FUNCTION RUNS
RELIABILITY
SERVERLESS USE CASES
RUN A WEB APPLICATION
SECURITY IS THE SAME AND DIFFERENT
WHAT USED TO BE SYSTEM CALLS IS NOW DISTRIBUTED COMPUTING OVER THE NETWORK
SERVERLESS SHIFTS ATTACK SURFACE TO THIRD PARTIES
LETS TRY A SAMPLE APPLICATION IN AWS
SURFACE AREA REDUCTION!
SURFACE AREA EXPANSION!
USE A THIRD-PARTY SERVICE FOR CONFIG CHANGES
INTEGRATION TESTING
Application layer
TIMEOUTS AND EXECUTION RESTRICTIONS
Serverless encourages functions as deploy units, coupled with third party services that allow running end-to-end applications without worrying about system operation. • New serverless patterns are just emerging • Security with serverless is easier Security with serverless is harder


Taught by

LASCON

Related Courses

Introduction to Cloud Infrastructure Technologies
Linux Foundation via edX Cloud Computing
Indian Institute of Technology, Kharagpur via Swayam Elastic Cloud Infrastructure: Containers and Services en Español
Google Cloud via Coursera Kyma – A Flexible Way to Connect and Extend Applications
SAP Learning Modernize Infrastructure and Applications with Google Cloud
Google Cloud via Coursera