Common FaaS & IaaS Security Concerns
As more and more organizations are moving towards a serverless or Function as a Service (FaaS) architecture and framework, understanding how this affects security is essential. There are both pros and cons to implementing a serverless solution from a security perspective. This lesson will look at both the benefits and the negatives when adopting a FaaS solution and how this affects the safeguarding of your data.
Learning Objectives
By the end of this lesson, you will
- Understand and be able to distinguish between the pros and cons of serverless security
- Understand where to focus additional security controls in a FaaS solution
- Have a general overview of how security differs to that of a typical IaaS solution
Intended Audience
This content in this lesson would be beneficial to:
- Engineers who are focused on delivering secure serverless solutions within an enterprise environment
- Security architects looking to enhance their knowledge of FaaS solutions
- Developers deploying applications within a serverless environment
Prerequisites
As a prerequisite of this lesson you should have a basic knowledge and awareness of the following:
- A general understanding of what Serverless means
- Understand what FaaS and IaaS relates to
- A basic awareness of different attack vectors, such as DoS
- AWS Lambda
- Amazon Cognito
- Amazon API Gateway
- Security controls within IAM
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 250+ courses relating to cloud computing reaching over 1 million+ students.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.