Serverless computing is gaining momentum among developers. Mid-level software engineers are now building applications that deliver the scale and business value that once required a few senior architects to design. These are exciting times for developers, many of whom never have to confront the capacity planning, infrastructure design, orchestrated automation, and compliance auditing that the platform now absorbs on their behalf.
Under the shared responsibility model common to the public cloud, making the underlying compute infrastructure ephemeral is a welcome change for most DevOps teams: the provider patches and operates the hosts and runtimes. It would be unwise, however, to assume that serverless applications therefore have fewer security problems. The function code, its third-party dependencies, the permissions it runs with, and the data it handles remain the customer's responsibility, so the focus shifts to the application layer, and in particular to the application programming interfaces (APIs) through which these designs move sensitive data. The sections that follow cover the basics of serverless applications and their most important API security needs.