Google Cloud Functions Security
Serverless technologies, such as Google Cloud Functions, can decrease cost and increase deployment velocity, while alleviating the burdens of infrastructure management. However, as a new application development model, they also bring new security and compliance requirements, which are best addressed through a dedicated approach.
In addition to a dedicated serverless security solution, there are many best practices your organization can employ to reduce your attack surface and tackle Google Cloud Security issues.
Secure Application Dependencies
Google Cloud Functions often include dependencies brought in from repositories such as npm (Node.js), PyPI (Python), and Maven (Java). Securing application dependencies is crucial. Access to a good vulnerability database and automated scanning tools are vital components of cloud functions security.
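As an added illustration of the automated dependency check described above (example code, not Protego's product or any real scanner), the script below reads a package.json-style manifest, parses each pinned version, and reports any dependency whose version falls inside a vulnerable range from an advisory list. The manifest, the package names, and the advisory identifiers are all constructed placeholders; in practice the advisory list would come from a real vulnerability database. Unpinned or non-semver specifiers (ranges such as "^4.2.0") are reported as findings too, since a range cannot be checked against an advisory.

```python
"""Dependency audit for a serverless function manifest.

Flags pinned dependencies whose version lies in a vulnerable range taken
from an advisory list. All sample data below is constructed for
illustration: the package names and advisory ids are placeholders, not
real packages or real advisories.
"""
import json
from typing import Dict, List, Tuple

# Constructed manifest in package.json style (not a real project).
MANIFEST_JSON = """
{
  "name": "order-webhook-function",
  "dependencies": {
    "example-http-client": "2.3.1",
    "example-yaml-parser": "1.0.7",
    "example-logging": "^4.2.0"
  }
}
"""

# Constructed advisory list with placeholder identifiers. Each entry
# covers versions in the half-open range [introduced, fixed).
ADVISORIES = [
    {"id": "ADVISORY-PLACEHOLDER-1", "package": "example-http-client",
     "introduced": "2.0.0", "fixed": "2.3.5",
     "summary": "request forgery via redirect handling"},
    {"id": "ADVISORY-PLACEHOLDER-2", "package": "example-yaml-parser",
     "introduced": "0.9.0", "fixed": "1.0.7",
     "summary": "unsafe deserialization of untrusted input"},
]

Version = Tuple[int, int, int]


def parse_version(spec: str) -> Version:
    """Turn '1.2.3' (or 'v1.2.3') into (1, 2, 3).

    Anything that is not a plain dotted numeric version (a range like
    '^4.2.0', a git URL, 'latest') raises ValueError so the caller can
    report it instead of silently skipping it.
    """
    parts = spec.strip().lstrip("v").split(".")
    nums = [int(p) for p in parts]          # ValueError on '^4', 'latest', ...
    nums += [0] * (3 - len(nums))           # pad '1.2' to (1, 2, 0)
    return nums[0], nums[1], nums[2]


def is_affected(version: Version, introduced: Version, fixed: Version) -> bool:
    """True when introduced <= version < fixed (tuple comparison)."""
    return introduced <= version < fixed


def audit(manifest_json: str, advisories: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per vulnerable or unpinned dependency."""
    manifest = json.loads(manifest_json)
    findings: List[Dict[str, str]] = []
    for name, spec in manifest.get("dependencies", {}).items():
        try:
            version = parse_version(spec)
        except ValueError:
            findings.append({"package": name, "spec": spec,
                             "issue": "unpinned or non-semver specifier"})
            continue
        for adv in advisories:
            if adv["package"] != name:
                continue
            if is_affected(version, parse_version(adv["introduced"]),
                           parse_version(adv["fixed"])):
                findings.append({"package": name, "spec": spec,
                                 "advisory": adv["id"],
                                 "issue": adv["summary"],
                                 "fixed_in": adv["fixed"]})
    return findings


if __name__ == "__main__":
    for finding in audit(MANIFEST_JSON, ADVISORIES):
        print(finding)
```

Run as a script it prints two findings: example-http-client 2.3.1 matches the first advisory (the fix is in 2.3.5), while example-yaml-parser 1.0.7 is exactly the fixed version and is not reported; example-logging is reported because "^4.2.0" is a range, not a pin.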
Make Securing Google Cloud Functions Everyone’s Problem
The traditional AppSec approach takes time and can slow things down, negating the serverless benefit of rapid feature deployment. Developers can’t possibly keep up with the hyper-accelerated velocity they themselves created if they need to wait on security to open ports, IAM roles, or security groups for them. While security pros don’t want to get in the way of the developers, they still need the ability to control policy and visibility.
The Shared Responsibility Model of DevSecOps
The solution is to make it everyone’s problem by creating cross-functional teams. Forge close partnerships and achieve tight integration between developers, DevOps, and AppSec. Find the balance where developers don’t own security, but they aren’t absolved from responsibility either. Collaborate and get security into your CI/CD pipeline so you can resolve security risks at the speed of serverless.
Observe Serverless Application Behavior and Detect Attacks
Discovering and visualizing the behavior and flow of your Google Compute Engine workloads can be challenging. Serverless infrastructure consists of code and a runtime environment, all interacting to generate billions of data points. It is important to understand normal application and function behavior in order to detect and stop application layer attacks such as the Serverless OWASP Top 10. Effectively and promptly detecting attacks requires continuous monitoring to compile application signals and generate information that’s more useful than 10,000 anomalies.
New Google Cloud Functions Security Issues Include Targets for Building Botnets
As shown in a video and detailed in a report, we built a prototype serverless botnet on the Google Compute Engine platform. However, this sort of attack can be carried out in more or less the same way on all private and public cloud infrastructures. The goal of this prototype is to demonstrate the viability of this approach and explore design choices that attackers might make. These insights help drive development for securing Google Cloud Functions.
Automate Google Cloud Function Security with Protego
The Protego Serverless Security Platform automates serverless application security from development to runtime. Protego Proact integrates into existing CI/CD processes to save developers and DevSecOps time by automating application hardening. Protego analyzes function code, detects configuration risks, and automatically generates least-privilege function permissions. Additionally, Protego continually scans functions for known vulnerabilities and embedded secrets, ensuring your applications are not exposed to attacks.
Protego Defend provides seamless runtime application security. Utilizing deep learning algorithms, Protego builds a model of normal application and function behavior, including automatic creation of a whitelist of actions on a resource level. Protego’s Function Self Protection detects, alerts, and stops application layer attacks such as the Serverless OWASP Top 10.
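The behavioral baseline idea raised in the monitoring section above and the resource-level whitelist described here can be shown with a small example. The code below is added for illustration and is not Protego's code or its model: it learns, from a constructed set of known-good invocation records, which (action, resource) pairs each function performs, then classifies new records against that allowlist. The record shape is a deliberate simplification and not the real Cloud Audit Log format; the function names, topic, bucket and secret paths are constructed. The point it makes is that granularity matters: a known action against an unseen resource is still a deviation, and a function that never appeared in the baseline deserves its own verdict rather than a silent pass.

```python
"""Resource-level behavioral allowlist for serverless functions.

Learns which (action, resource) pairs each function performed during a
known-good period, then flags deviations in new records. All events below
are constructed for illustration; the record shape is simplified and is
not the real Cloud Audit Log format.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

Event = Dict[str, str]
Allowlist = Dict[str, Set[Tuple[str, str]]]

# Constructed baseline: what each function did while behaving normally.
BASELINE_EVENTS: List[Event] = [
    {"function": "order-webhook", "action": "storage.objects.create",
     "resource": "gs://orders-inbound"},
    {"function": "order-webhook", "action": "pubsub.topics.publish",
     "resource": "projects/example-project/topics/orders"},
    {"function": "order-webhook", "action": "storage.objects.create",
     "resource": "gs://orders-inbound"},
    {"function": "thumbnailer", "action": "storage.objects.get",
     "resource": "gs://uploads"},
    {"function": "thumbnailer", "action": "storage.objects.create",
     "resource": "gs://thumbnails"},
]

# Constructed records to evaluate: one normal, one known action against an
# unseen resource, one never-seen action, one function absent from baseline.
NEW_EVENTS: List[Event] = [
    {"function": "order-webhook", "action": "storage.objects.create",
     "resource": "gs://orders-inbound"},
    {"function": "thumbnailer", "action": "storage.objects.get",
     "resource": "gs://customer-exports"},
    {"function": "order-webhook", "action": "secretmanager.versions.access",
     "resource": "projects/example-project/secrets/db-password"},
    {"function": "unknown-fn", "action": "storage.objects.get",
     "resource": "gs://uploads"},
]


def build_allowlist(events: Iterable[Event]) -> Allowlist:
    """Collect the distinct (action, resource) pairs seen per function."""
    allow: Dict[str, Set[Tuple[str, str]]] = defaultdict(set)
    for e in events:
        allow[e["function"]].add((e["action"], e["resource"]))
    return dict(allow)


def classify(event: Event, allow: Allowlist) -> str:
    """Return 'allowed', 'new-resource', 'new-action' or 'unknown-function'.

    'new-resource' means the action itself is familiar for this function
    but the resource is not; that distinction is what a resource-level
    whitelist adds over a plain list of permitted actions.
    """
    fn = event["function"]
    if fn not in allow:
        return "unknown-function"
    pairs = allow[fn]
    if (event["action"], event["resource"]) in pairs:
        return "allowed"
    if any(action == event["action"] for action, _ in pairs):
        return "new-resource"
    return "new-action"


def detect(events: Iterable[Event], allow: Allowlist) -> List[Event]:
    """Return every event that is not on the allowlist, tagged with a verdict."""
    alerts: List[Event] = []
    for e in events:
        verdict = classify(e, allow)
        if verdict != "allowed":
            alerts.append({**e, "verdict": verdict})
    return alerts


if __name__ == "__main__":
    allowlist = build_allowlist(BASELINE_EVENTS)
    for alert in detect(NEW_EVENTS, allowlist):
        print(alert["function"], alert["verdict"], alert["action"], alert["resource"])
```

Of the four new records, only the first passes; the other three produce one alert each with the verdicts new-resource, new-action and unknown-function. In a real deployment the baseline would be learned from a large volume of records and refreshed as the application changes, and "unknown-function" would typically be treated as a deployment-inventory problem rather than an attack signal.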