Monitoring and alerting tools are all about providing you with clear visibility into your serverless application. But how can you actually leverage visibility as a means of control over your serverless app security? And what part does timing play in this? To answer this question and more, we got Hillel Solow, CTO & Co-Founder here at Protego and Erez Berkner, CEO of Lumigo to discuss all the latest topics in cloud-native and serverless.
This old saying goes to a greater extent in serverless environments, mainly because of the large number of moving parts. Microservices interacting with each other makes it much harder to control security, and visibility can help a great deal with that in different ways. One of them is boundaries – you need to control your security zones. When dealing with hundreds of services, making sure security zones are kept in place is harder than ever. If in the past one could just put a WAF in front of an application, today a more granular approach is required in order to make sure security boundaries are kept while agility is not impeded.
Erez told a story about a client that on-boarded Lumigo and immediately saw a digital map of his architecture, and noticed that some services from production are accessing non-production services. This, of course, is a different security zone that they shouldn’t cross. This story is one example of how visibility can show you that you’re crossing security zones. Erez also added that if the specific customer had Protego to start with, they probably wouldn’t have had this issue because Protego would segment the different services according to the right policies.
Another aspect of visibility as a means for better security is the denial-of-service conundrum. The infinite scalability of serverless (or presumed infinite scalability) means you won’t have a disruption of service. Instead, you will encounter denial-of-wallet. That means a huge amount of costs serving all of the application’s distributed requests. What this means is your service will not go down – but you will be paying $1,000 for a specific set of AWS Lambdas due to a large number of requests. One of the things that Lumigo and other monitoring services provide is alerts on cost abnormalities. For example, if costs surge in the last hour 100 times than what it used to be in the last 24 hours or week, the client is notified immediately.
Hillel raised a point of the fact that one of the most important things in visibility as means of security is the timing, and as such, it means alerts must be set – especially in serverless environments. Reality is knowing what to set-up, whether it’s set-up right and setting it up all in time to monitor different resources in a way that makes sense is extremely difficult to do manually. You might end up either not doing it or in need of some sort of tool which understands the context of a serverless environment, and knows how to prebuild the kinds of alerts that make sense to your application. This is why it is important to use monitoring and alerting tools as well as serverless security tools that will help you automate this process, to make sure you have full and passive visibility to your serverless application.