Many companies, in an effort to modernize their software and cloud tech stacks, are beginning to confront the challenges of managing security across multiple cross-functional, yet independent, teams - each with diverse tech stacks. One such example is Thoughtworks, a leading global technology consultancy that works …
Amazon continues to build new capabilities into its serverless operational mode and has launched container image support in AWS Lambda. It enables packaging and deploying Lambda functions as container images. Building on our strong partnership with AWS and our desire to offer the most complete cloud-native security …
With serverless functions architecture gaining in popularity, it is also becoming clear that the architecture is not without its security drawbacks. Overly permissive permissions, vulnerability in the functions’ code, and embedded secrets could all be exploited. Despite being event-triggered and ephemeral by nature, …
In order to protect serverless functions while they are running, you need to consider the very short execution times and ensure that you’re not slowing down applications or increasing cloud usage costs. In Aqua CSP 4.2, we’ve now introduced advanced runtime protection that does just that, while complementing our …
Knative is the newest member of serverless environments that is gaining significant interest and generating a great deal of hype in the Kubernetes/Cloud Native community. It’s an open source framework that was designed to enable the development and deployment of container-based serverless applications that are easy to …
Serverless is generating significant interest and hype, backed up by real-world adoption, and creating a need for better security controls. I've been working with our customers to create the right approach and tooling to protect their FaaS environments ,and from this research, given the extremely short duration of …
Infrastructure protection, sandboxed containers, MicroVM hypervisors– these are interchangeable terms describing emerging technologies to isolate micro-services from their underlying infrastructure. These isolation technologies aim to protect the underlying host that runs containers and functions against malicious …
In my previous blog, I discussed the serverless services spectrum and the unique security considerations of serverless functions. In this post, I’d like to elaborate on the importance of preliminary risk assessment checks and their contribution to an effective security strategy, based on lessons learned in …
Istio, Google’s open source project for large scale, containerized application management was released in May 2017 and has undergone rapid development since then, culminating in the landmark 1.0 release in July 2018. In this blog post we will be exploring what Istio is, how it works and how to adopt it. In subsequent …
Cloud native workloads terminology is used a lot these days to describe new technologies and deployment models of applications in the cloud universe. Serverless is a notable example of such cloud native-workloads: it prioritizes simplicity and agility over compatibility, control, and performance SLAs. It’s a …
One of the challenges organizations have in using cloud native technologies is in figuring out how compliance requirements translate into actionable control points. Most regulations predate containers and serverless technologies and don’t have specific articles governing the use of such technologies.
We recently …