Companies choose to transition to serverless computing for various reasons, mainly being faster time-to-market and reduced infrastructure costs. However, the root cause of their serverless security needs differ based on a myriad of factors. In this use case, we will highlight an IoT company struggling with perimeterless security in a serverless environment, their security driver, solution & ultimate results

Perimeterless Security – The Challenge use case: perimeterless security

A large IoT company had millions of sensors and actuators deployed in the field and connected via a cloud based IoT infrastructure. The company developed a serverless backend to enable a highly-scalable system and reduce operational costs. This move prompted a security review, which raised a key issue: the current WAF-based perimeter security solution was unlikely to provide sufficient security, both due to the challenge of properly deploying and scaling a WAF in front of various IoT cloud resources, and because WAFs are relatively blind to new non-HTTP protocols these devices speak.

The Solution

To deal with perimeterless security in serverless the team selected Protego’s automatic code-centric solution for runtime defense . This allowed the security team to:

  • Adopt a zero-trust model for each workload individually, validating each interaction within and between workloads
  • Apply security to workloads to protect transactions in context, regardless of what network or protocol they use
  • Secure workloads with no manual configuration

The Results

By applying automatic perimeterless security the organization was able to release new functionality on schedule while: 

  • The application was continuously protected from malicious attacks regardless of the protocol and ingress vector, and with zero manual configurations. 
  • Operational costs were reduced due to automating the security process and eliminating the need for manual configurations. 

What’s Next?

Enable Protego Proact during CI/CD to improve security posture before functions get deployed, and make sure developers are doing the right thing from the start. This enables a complete shift left and minimizes risky deployments. 

Share This Article
Share on facebook
Share on linkedin
Share on twitter
Share on email
THE SERVERLESS
SMARTS PODCAST
THE SERVERLESS
SMARTS PODCAST

Join industry experts as they discuss all things serverless including industry news and best practice tips.

podcast_image