Security in the New World of Containers and Serverless
While microservices make it simpler to build and update applications running anywhere at scale, they also increase the size of an attack surface that needs to be defended. Instead of just one monolithic application to defend, each application is made up of a number of microservices. And those microservices are made up of containers.
Containers are problematic from a security perspective because the application code that resides inside the function has to be secured much like code that would be deployed inside a container or on a virtual machine.
A lot of the responsibility for making containers secure falls on the developers because they have to embed security policies into the development and deployment of every application.
But given the sheer number of functions and containers that might be deployed across an enterprise, it’s difficult for developers to keep pace with all the changes to the network.
Likewise, security in a serverless environment is also challenging because the developer of the application isn’t usually aware of how much memory and storage might be available. That means that developers are increasingly going to need to develop security expertise along with their programming skills.