Companies choose to transition to serverless computing for various reasons, mainly faster time-to-market and reduced infrastructure costs. However, the root cause of their serverless security needs differs based on a myriad of factors. In this use case, we highlight an IoT company struggling with perimeterless security in a serverless environment, its security driver, its solution, and the ultimate results.
Perimeterless Security – The Challenge
A large IoT company had millions of sensors and actuators deployed in the field and connected via a cloud-based IoT infrastructure. The company developed a serverless backend to enable a highly scalable system and reduce operational costs. This move prompted a security review, which raised a key issue: the current WAF-based perimeter security solution was unlikely to provide sufficient security, both because of the challenge of properly deploying and scaling a WAF in front of various IoT cloud resources, and because WAFs are relatively blind to the new non-HTTP protocols these devices speak.
To deal with perimeterless security in serverless, the team selected Protego’s automatic code-centric solution for runtime defense. This allowed the security team to:
- Adopt a zero-trust model for each workload individually, validating each interaction within and between workloads
- Apply security to workloads to protect transactions in context, regardless of what network or protocol they use
- Secure workloads with no manual configuration
By applying automatic perimeterless security, the organization was able to release new functionality on schedule while:
- The application was continuously protected from malicious attacks regardless of the protocol and ingress vector, and with zero manual configurations.
- Operational costs were reduced due to automating the security process and eliminating the need for manual configurations.
Enable Protego Proact during CI/CD to improve security posture before functions get deployed, and make sure developers are doing the right thing from the start. This enables a complete shift left and minimizes risky deployments.