Serverless is the design pattern for writing applications at scale without the necessity of managing infrastructure. This is done across the continuum of the cloud—from storage as a service to database as a service—but the center of serverless is functions as a service (FaaS). (Current FaaS offerings include AWS Lambda, Azure Functions, and Google Cloud Functions.) Now processes run for milliseconds before being destroyed and then get instantiated for subsequent requests.
Serverless adds simplicity and a new economic model to cloud computing, but it creates some unique security challenges. In serverless architectures, technologies like antivirus and intrusion detection become meaningless. James Wickett explores practical security approaches for serverless in four key areas—the software supply chain, the delivery pipeline, data flow, and attack detection—and examines how traditional approaches need to be adapted to serverless.
Even if you don’t have any experience with serverless, don’t worry; this session starts with the basics. You’ll learn what serverless is (hint: it’s still being defined) and practical patterns for serverless adoption.
James Wickett is head of research at Signal Sciences, where he works at the intersection of the DevOps and security communities. James is a supporter of the Rugged Software and Rugged DevOps movements. Seeing the gap in software testing, James founded Gauntlt, an open source project, to serve as a Rugged testing framework. He is the author of Hands-on Gauntlt and DevOps Fundamentals on Lynda.com. James got his start in technology when he founded a startup as a student at the University of Oklahoma. He has worked in environments ranging from large, web-scale enterprises to small, rapid-growth startups. He is a dynamic speaker on topics in DevOps, infosec, cloud security, security testing, Rugged DevOps, and serverless. James is the creator and founder of the Lonestar Application Security Conference, the largest annual security conference in Austin, Texas. He also runs DevOps Days Austin and is on the global DevOps Days board. James holds several security certifications, including CISSP and GWAPT. In his spare time, he’s trying to learn how to make a perfect BBQ brisket.
©2017, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • email@example.com