IoT (Internet of Things) has been an early adopter to serverless deployments. There are several reasons for choosing to deploy serverless IoT, including:
- When building out a scalable cloud-based backend for IoT monitoring and control, issues of scalability and availability can be difficult to solve. IoT networks often comprise tens, or even hundreds of millions of nodes, across diverse geographies, and moving to serverless shifts this burden over to the cloud providers.
- IoT networks often have highly variable loads. Certain hours of the day or events may trigger a large number of devices to become active. For example, connected TVs are busy at 8pm; thermostats at 5pm; security cameras when it’s windy. Traditional scaling is not only complicated and labor intensive, but it is costly. IoT services often run lots of idle machines waiting for the deluge to start. Building these services with a serverless architecture allows customers to pay for exactly what they consume, and not for all that is idle.
- The software driving and enabling IoT services typically starts simple, but rapidly adds features. Adopting serverless methodologies allows organizations to focus on their core business value, rather than on IT orchestration and maintenance.
In 2015, we launched our first connected Roomba. We had a business that was at scale making devices, so we had to have a cloud application for connected devices that would easily scale up and keep the risk as low as possible. In my opinion, serverless enabled us to essentially leapfrog the scalable cloud technology learning that we would have needed if we went with a traditional architecture. Instead, we’re using fully-managed services from AWS that allowS us to focus on providing features to our customers rather than focusing on the scalability of the technologies that we’re using. That’s being handled all by the service provider.
Serverless Security for IoT
The shift to a serverless IoT Cloud ushers in several key security opportunities and challenges that organizations need to address and embrace:
- IoT cloud services are typically built of 50-100 serverless functions, each handling some specific interaction with a user or a device. For each function, it is imperative that IoT serverless security enforce least privilege. This ensures that each of these functions can access only the services and actions it requires, drastically shrinking the attack surface, and reducing blast radius should an attack occur.
- The move to new protocols and topologies that make using and getting value out of a traditional application security tools like web application firewalls (WAF) challenging. Often these devices communicate over new protocols and services where cloud-based WAFs can easily be deployed and scaled. The use of services, like AWS IoT, or protocols like GraphQL, for example, are common in IoT developments.
- Given the high volumes that IoT services can incur, it’s crucial that serverless security for IoT is in place to prevent attacks, and that the runtime defense incur virtually zero overhead on the application. Even an extra 50 milliseconds spent per-request on security can have significant impact on application performance and cost.
Protego for Serverless IoT Security
Protego’s cloud-native application security solution has been built ground-up to take advantage of the security opportunities serverless affords, and to reimagine the way AppSec is done at the speed of serverless. For IoT serverless cloud applications, there are several features of the solution that help make serverless IoT applications far more secure than their serverful counterparts.
- Protego Proact automates the process of posture assurance at dev, CI/CD and production. For IoT applications, Protego ensures that all functions are running with least privilege while empowering developers to move as fast as they need to.
- Protego Defend provides a runtime defense solution that has been designed to seamlessly and automatically protect serverless functions, with nearly no overhead in function duration and function resource consumption. This means your IoT security doesn’t come at the cost of performance degradation.
- Protego’s solutions easily scale up and down as your applications do, all the while protecting your applications for known and unknown security risks, no matter what input and protocol you’re using.