IoT (Internet of Things) has been an early adopter of serverless deployments. There are several reasons for choosing to deploy serverless IoT, including:
- When building out a scalable cloud-based backend for IoT monitoring and control, issues of scalability and availability can be difficult to solve. IoT networks often comprise tens, or even hundreds of millions of nodes, across diverse geographies, and moving to serverless shifts this burden over to the cloud providers.
- IoT networks often have highly variable loads. Certain hours of the day or events may trigger a large number of devices to become active. For example, connected TVs are busy at 8pm; thermostats at 5pm; security cameras when it’s windy. Traditional scaling is not only complicated and labor intensive, but it is costly. IoT services often run lots of idle machines waiting for the deluge to start. Building these services with a serverless architecture allows customers to pay for exactly what they consume, and not for all that is idle.
- The software driving and enabling IoT services typically starts simple, but rapidly adds features. Adopting serverless methodologies allows organizations to focus on their core business value, rather than on IT orchestration and maintenance.
In 2015, we launched our first connected Roomba. We had a business that was at scale making devices, so we had to have a cloud application for connected devices that would easily scale up and keep the risk as low as possible. In my opinion, serverless enabled us to essentially leapfrog the scalable cloud technology learning that we would have needed if we went with a traditional architecture. Instead, we’re using fully-managed services from AWS that allow us to focus on providing features to our customers rather than focusing on the scalability of the technologies that we’re using. That’s being handled all by the service provider.
Ben Kehoe, iRobot
Serverless Security for IoT
The shift to a serverless IoT Cloud ushers in several key security opportunities and challenges that organizations need to address and embrace:
- IoT cloud services are typically built of 50-100 serverless functions, each handling some specific interaction with a user or a device. For each function, it is imperative that IoT serverless security enforce least privilege. This ensures that each of these functions can access only the services and actions it requires, drastically shrinking the attack surface, and reducing blast radius should an attack occur.
- The move to new protocols and topologies makes it challenging to use, and get value out of, traditional application security tools such as web application firewalls (WAFs). IoT devices often communicate over new protocols and services where cloud-based WAFs cannot easily be deployed and scaled; services like AWS IoT, or protocols like GraphQL, are common in IoT developments.
- Given the high volumes that IoT services can incur, it’s crucial that serverless security for IoT is in place to prevent attacks, and that the runtime defense incurs virtually zero overhead on the application. Even an extra 50 milliseconds spent per request on security can have a significant impact on application performance and cost.
Protego for Serverless IoT Security
Protego’s cloud-native application security solution is built ground-up to take advantage of the security opportunities serverless affords, and to reimagine the way AppSec is done at the speed of serverless. For healthcare and medical technology serverless cloud applications, there are several features of the solution that help make these applications far more secure than their serverful counterparts.
- Protego enables deployment of customized policies across the account that provide assurance of compliance with HIPAA and GDPR. The policies are applied during development, inside the CI/CD pipeline, during staging and testing, and in production in the cloud.
- Protego Proact automates the process of applying least privilege to all serverless functions in the healthcare application while still empowering application developers to move at the speed of serverless.
- Protego Defend provides a behavioral defense solution that seamlessly and automatically protects serverless functions, with nearly no overhead in function performance. This automatically protects functions from known and unknown attacks.