Companies choose to transition to serverless computing for various reasons, chiefly faster time-to-market and reduced infrastructure costs. However, the root cause of their serverless security needs differs based on a myriad of factors. In this use case, we will highlight an IoT company struggling with perimeterless security in a serverless environment, its security driver, solution, and ultimate results.
A large IoT company had millions of sensors and actuators deployed in the field and connected via a cloud-based IoT infrastructure. The company developed a serverless backend to enable a highly scalable system and reduce operational costs. This move prompted a security review, which raised a key issue: the current WAF-based perimeter security solution was unlikely to provide sufficient security, both because of the challenge of properly deploying and scaling a WAF in front of various IoT cloud resources, and because WAFs are relatively blind to the new non-HTTP protocols these devices speak.
To deal with perimeterless security in serverless, the team selected Protego’s automatic code-centric solution for runtime defense. This allowed the security team to:
By applying automatic perimeterless security the organization was able to release new functionality on schedule while:
Enable Protego Proact during CI/CD to improve security posture before functions get deployed, and make sure developers are doing the right thing from the start. This enables a complete shift left and minimizes risky deployments.