What is Serverless?
“Serverless” computing refers to a cloud-computing execution model in which the cloud provider runs the server, and dynamically manages the allocation of machine resources. And yes, it is technically a misnomer since there are still servers involved. AWS Lambda Functions, Google Cloud Functions, and Azure Functions are examples of services that can be used to build serverless applications.
A serverless architecture provides you the benefit of automated, nearly infinite scaling. Very little stands between developers and deployed code, which speeds time to market and makes it easier to maintain and test individual functions. Finally, pricing is based on the actual amount of resources consumed by an application. You pay only for what you use, resulting in lower costs.
Serverless represents an additional shift of responsibilities from the customer to the cloud provider. No infrastructure is involved, and you get it out of the box, resulting in a significant decrease in the operations overhead.
Shifting infrastructure management to your cloud provider enables you to focus on developing solutions to serve your organization and customers. It helps you maintain focus on your unique competitive advantages. This shift frequently results in cost-savings not just on compute, but also from shifting operations people to development.
“Are Serverless Applications Secure?”
The answer, as with so many questions in life, is a definitive, “It depends.” This is a new application paradigm, and there are benefits to serverless architectures which make them inherently more secure. However, there are also new risks and challenges that need to be mitigated. Read more in our Serverless Security Guide to learn why serverless security is different, and why traditional AppSec tools are inadequate and less relevant.