Measures to ensure Cyber Security in a serverless environment
https://fibonalabs.com/
There is a lot that can be said and written when it comes to cyber security. But
in the past few years, the game has completely changed with the increase in
remote setups and the uncertainty over how long they will continue. Cyber security
in business has taken a different path altogether. It is therefore worth learning
about the measures that can be taken to ensure cyber security in a serverless
environment.
Serverless Environment: Brief Introduction
A serverless environment/architecture is a way of running applications
without any physical server or specific infrastructure.
It is a virtual setup where the server, along with the applications, is managed via
cloud computing. It has innumerable benefits:
1. It saves the cost of setting up a proper physical server and its
maintenance.
2. The overall cost is reduced.
3. It speeds up the process of deployment and updates.
4. The serverless environment is wide and expandable to a great extent.
Apart from this, you can have other benefits such as:
● It saves a lot of time in terms of commuting.
● You can work anywhere around the world irrespective of your office’s
location.
● It gives you the flexibility of making any place your home (of course abiding
by your organization’s rules).
Serverless Environment: Cyber Security Threats
In a serverless environment, exposure to attack increases to a great extent,
which calls for quick and advanced action to ensure cyber
security in a business. Let’s have a look at some of the cyber security threats in
a serverless environment.
● Injection Flaws: The most common cause of cyber security threats is
function event-data injection. Unlike in web environments, in serverless
environments it is difficult to tell trusted paths from untrusted ones. In
such cases, the interpreter takes untrusted information and executes it.
This makes the whole environment quite vulnerable to attacks. The most
common examples of injection flaws in a serverless environment are:
1. Function runtime code injection (happens in Node.js/JavaScript, Python,
C#, Java, etc.)
2. SQL injection
● Authentication Gets Broken: A serverless environment contains a
number of functions, as it is a microservices-type environment. These
functions are not all completely secure, as they can expose
public web APIs. Some of them can act as proxy functions for various
processes, thus exposing the entry points of the environment and posing a
great threat to cyber security.
● Incorrect Configuration Settings: The concept of a
serverless environment is not very old; hence, it is still a learning curve for
computer architects and engineers to set a properly configured
This may lead to misconfiguration or incorrect configuration of the
environment, which in turn increases the risk of loopholes that can
compromise cyber security.
● Granting High-Level Permissions: Giving high-level permissions for
accessing confidential data via a serverless environment is another way of
inviting threats. This could result in the mishandling of information by
performing unintended operations such as “executing system function”.
● Improper Monitoring of Logs: Though most organizations make it a point
to constantly monitor the logs/activities of users, especially in a serverless
environment, it is quite possible that they lag behind in it. As monitoring of
logs is done in real-time, missing out on any suspicious activity can result
in a mismatched audit trail, thus increasing the risk of cyber-attacks.
● Untrusted Third-Party Dependencies: With the latest open-source
frameworks, app development has become easier, but it has also made
the serverless environment vulnerable. It takes just a small piece of code to inject a
virus while a developer is calling a third-party service through API calls.
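The function event-data injection described in the first bullet, as an added example that is not part of the original slides: the same lookup written with event data spliced into the SQL text, and again with validation plus parameter binding. The event shapes, table, `customer_id` format and handler names are assumptions made for the illustration.

```python
import json
import re
import sqlite3

# Assumed ID format for this example; anything else is rejected before the query runs.
CUSTOMER_ID_RE = re.compile(r"cust-\d{3}")


def make_db():
    """Constructed in-memory table standing in for the function's datastore."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (customer_id TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [("cust-001", "keyboard"), ("cust-001", "mouse"), ("cust-002", "monitor")],
    )
    return db


def extract_customer_id(event):
    """Read customer_id from an HTTP-style or a queue-style event (assumed shapes).

    Both triggers carry data the function did not create, so a queue message
    is no more trustworthy than a query string.
    """
    if "queryStringParameters" in event:
        return (event["queryStringParameters"] or {}).get("customer_id")
    if "Records" in event:
        return json.loads(event["Records"][0]["body"]).get("customer_id")
    return None


def vulnerable_handler(event, db):
    """BEFORE: event data becomes part of the SQL text the interpreter executes."""
    customer_id = extract_customer_id(event)
    query = f"SELECT item FROM orders WHERE customer_id = '{customer_id}'"
    return sorted(row[0] for row in db.execute(query))


def hardened_handler(event, db):
    """AFTER: validate the field, then bind it as a parameter instead of splicing it."""
    customer_id = extract_customer_id(event)
    if not isinstance(customer_id, str) or not CUSTOMER_ID_RE.fullmatch(customer_id):
        raise ValueError("event rejected: customer_id failed validation")
    rows = db.execute("SELECT item FROM orders WHERE customer_id = ?", (customer_id,))
    return sorted(row[0] for row in rows)


# Constructed sample events.
HTTP_EVENT = {"queryStringParameters": {"customer_id": "cust-001"}}
TAMPERED_QUEUE_EVENT = {
    "Records": [{"body": json.dumps({"customer_id": "cust-001' OR '1'='1"})}]
}


def run_demo():
    """Run both handlers on both events and collect what each one returns."""
    db = make_db()
    result = {
        "vulnerable_normal": vulnerable_handler(HTTP_EVENT, db),
        "vulnerable_tampered": vulnerable_handler(TAMPERED_QUEUE_EVENT, db),
        "hardened_normal": hardened_handler(HTTP_EVENT, db),
    }
    try:
        hardened_handler(TAMPERED_QUEUE_EVENT, db)
        result["hardened_tampered"] = "accepted"
    except ValueError:
        result["hardened_tampered"] = "rejected"
    return result


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The vulnerable handler returns another customer's rows for the tampered queue message, while the hardened one rejects the event before any query is built.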
Now, let’s have a look at the measures to strengthen it.
How to Make a Serverless Environment More Reliable?
Several measures have been taken by organizations to ensure maximum cyber
security in a business. Some of the most remarkable ones are listed below:
● Permission at Every Step: As mentioned above, granting high-level
permission makes the environment more vulnerable to threats. Hence,
introducing permissions at every function helps in the micromanagement of
cyber security. The more restrictions are imposed on the usage of
● Checking Every Bit of Data Carefully: No matter how reliable the source
of data is, we should keep checks at every point by properly evaluating
every program and every line of code. It goes without saying that even the
finest developers can miss damages like file intrusion attacks, so
evaluation at even the smallest step is compulsory.
● Collection of Real-time Security Events: It is highly recommended by
experts to have proper data monitoring of real-time security events. This
helps in detecting threats and stopping them at a very initial stage.
Taking advantage of AWS services like AWS X-Ray, Amazon CloudTrail,
and Amazon CloudWatch is a great option to avail of third-party security
services.
● Frequent Risk Assessment: A serverless environment can expose
confidential data through various functions. Therefore, it is important to
conduct risk assessment exercises on a regular basis. Further, data
encryption tightens the boundaries for any sort of cyber-attack.
● Introduce Secure Authentication: Make full use of enormously beneficial
tools like Microsoft’s Azure AD. These tools help in creating a complex
You can also enforce steps that can nullify the effect of a potential threat.
● Privatization of API Gateways: You can set a limit for the number of
clients to access your API gateways. The smaller the number of clients, the
less vulnerable the API gateways will become. Hence, make these gateways
private and keep them shielded from any sort of cyber-attack.
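One way to check "Permission at Every Step" in practice, as an added example that is not part of the original slides: a small audit that reads each function's IAM policy document and reports wildcard grants. It assumes AWS-style policy JSON (`Effect`, `Action`, `Resource`); the function names, ARNs and account ID are constructed sample values.

```python
def _as_list(value):
    """IAM accepts a single value or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return human-readable findings for one IAM policy document."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append(
                f"statement {index}: Allow with NotAction grants every action not listed"
            )
        for action in _as_list(stmt.get("Action")):
            if action in ("*", "*:*"):
                findings.append(f"statement {index}: allows every action ({action})")
            elif action.endswith(":*"):
                findings.append(f"statement {index}: allows a whole service ({action})")
            elif "*" in action:
                findings.append(f"statement {index}: partial action wildcard ({action})")
        # A bare "*" resource is a prompt for review: a few actions accept nothing
        # narrower, but most can be scoped to a specific ARN.
        if "*" in _as_list(stmt.get("Resource")):
            findings.append(f"statement {index}: applies to any resource (*)")
    return findings


def audit_functions(policies):
    """Map each function name to the findings for its execution-role policy."""
    return {name: audit_policy(policy) for name, policy in policies.items()}


def over_privileged(policies):
    """Names of functions whose policy produced at least one finding."""
    return sorted(name for name, found in audit_functions(policies).items() if found)


# Constructed sample: one policy per function, as the measure recommends.
SAMPLE_POLICIES = {
    "resize-image": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-uploads/*",
        }],
    },
    "nightly-report": {
        "Version": "2012-10-17",
        "Statement": {
            "Effect": "Allow",
            "Action": "dynamodb:*",
            "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/example-orders",
        },
    },
    "legacy-proxy": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    },
}


if __name__ == "__main__":
    for name, found in audit_functions(SAMPLE_POLICIES).items():
        print(name, "OK" if not found else found)
```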
Apart from these measures, there are general safeguarding techniques, like
training of staff, endpoint protection, continuous data backup, usage of secured
Wi-Fi connection, etc. that encourage cyber security in a business.
A Journey Into the Emotions of Software Developers
 

Measures to ensure Cyber Security in a serverless environment

  • 1. Measures to ensure Cyber Security in a serverless environment https://fibonalabs.com/
  • 2.
  • 3. There is a lot that can be said and written when it comes to cyber security. But in the past few years, this game has completely changed with the increase in remote setups and the uncertainty about how long they will continue. Cyber Security in business has taken a different path altogether. It is therefore worth learning about the measures that can be taken to ensure Cyber Security in a serverless environment. Serverless Environment: Brief Introduction A serverless environment/architecture is a manner in which applications are run without any physical server or without a specific infrastructure.
  • 4. It is a virtual setup where the server along with the applications is managed via cloud computing. It has innumerable benefits: 1. It saves the cost of setting up a proper physical server and its maintenance. 2. The overall cost is reduced. 3. It speeds up the process of deployment and updates. 4. The serverless environment is wide and expandable to a great extent. Apart from this, you can have other benefits such as: ● It saves a lot of time in terms of commuting.
  • 5. ● You can work anywhere around the world irrespective of your office’s location. ● It gives you the flexibility of making any place your home (of course abiding by your organization’s rules). Serverless Environment: Cyber Security Threats In a serverless environment, vulnerability to attack increases to a great extent, which calls for quick and advanced action to ensure cyber security in a business. Let’s have a look at some of the cyber security threats in a serverless environment.
  • 6. ● Injection Flaws: The most common cause of cyber security threats is function event-data injection. Unlike web environments, in serverless environments, it is difficult to figure out secure and non-trusted paths. In such cases, the interpreter takes untrusted information and executes it. This makes the whole environment quite vulnerable to attacks. The most common examples of injection flaws in a serverless environment are: 1. Function runtime code injection (happens in Node.js/JavaScript, Python, C#, Java, etc.) 2. SQL injection
  • 7. ● Authentication Gets Broken: A serverless environment contains a number of functions, as it is a microservices-type environment. Not every one of these functions is completely secure, as they can expose public web APIs. Some of them can act as proxy functions for various processes, thus exposing the entry points of the environment and posing a great threat to cyber security. ● Incorrect Configuration Settings: As the concept of a serverless environment is not very old, it is still a learning curve for computer architects and engineers to set a properly configured
  • 8. This may lead to misconfiguration or incorrect configuration of the environment, which in turn increases the risk of loopholes that can compromise cyber security. ● Granting High-Level Permissions: Giving high-level permissions for accessing confidential data via a serverless environment is another way of inviting threats. This could result in the mishandling of information by performing unintended operations such as “executing system function”.
  • 9.
  • 10. ● Improper Monitoring of Logs: Though most organizations make it a point to constantly monitor the logs/activities of users, especially in a serverless environment, it is quite possible that they lag behind in it. As monitoring of logs is done in real-time, missing out on any suspicious activity can result in a mismatched audit trail, thus increasing the risk of cyber-attacks. ● Untrusted Third-Party Dependencies: With the latest open-source frameworks, app development has become easier, but it has also made the serverless environment vulnerable. It takes just a small piece of code to inject a virus while a developer is calling a third-party service through API calls.
  • 11. Now, let’s have a look at the measures to strengthen it. How to Make a Serverless Environment More Reliable? Several measures have been taken by organizations to ensure maximum cyber security in a business. Some of the most remarkable ones are listed below: ● Permission at Every Step: As mentioned above, granting high-level permission makes the environment more vulnerable to threats. Hence, introducing permissions at every function helps in the micromanagement of cyber security. The more restrictions are imposed on the usage of
  • 12. ● Checking Every Bit of Data Carefully: No matter how reliable the source of data is, we should keep checks at every point by properly evaluating every program and every line of code. It goes without saying that even the finest developers can miss damages like file intrusion attacks, so evaluation at even the smallest step is compulsory. ● Collection of Real-time Security Events: It is highly recommended by experts to have proper data monitoring of real-time security events. This helps in detecting threats and stopping them at a very initial stage.
  • 13. Taking advantage of AWS services like AWS X-Ray, Amazon CloudTrail, and Amazon CloudWatch is a great option to avail of third-party security services. ● Frequent Risk Assessment: A serverless environment can expose confidential data through various functions. Therefore, it is important to conduct risk assessment exercises on a regular basis. Further, data encryption tightens the boundaries for any sort of cyber-attack. ● Introduce Secure Authentication: Make full use of enormously beneficial tools like Microsoft’s Azure AD. These tools help in creating a complex
  • 14. You can also enforce steps that can nullify the effect of a potential threat. ● Privatization of API Gateways: You can set a limit for the number of clients to access your API gateways. The smaller the number of clients, the less vulnerable API gateways will become. Hence, make these gateways private and completely deprived of any sort of cyber-attack. Apart from these measures, there are general safeguarding techniques, like training of staff, endpoint protection, continuous data backup, usage of secured Wi-Fi connection, etc. that encourage cyber security in a business.
  • 15.
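The function event-data injection and SQL injection described under "Injection Flaws", and the "Checking Every Bit of Data Carefully" measure, shown as an added example that is not part of the original slides: a function handler that builds SQL from an event field, beside a hardened form that validates the field and binds it as a parameter. The handler names, table, allow-list pattern and events are assumptions constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory table standing in for the function's data store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", "laptop"), (2, "bob", "phone"), (3, "carol", "router")])
    return db

def handler_vulnerable(event, db):
    # The event field is concatenated into the SQL text, so the database
    # interprets whatever the event source supplied as part of the query.
    sql = "SELECT item FROM orders WHERE customer = '" + event["customer"] + "'"
    return [row[0] for row in db.execute(sql)]

def query_bound(customer, db):
    # Parameter binding: the value is passed as data and never parsed as SQL.
    sql = "SELECT item FROM orders WHERE customer = ?"
    return [row[0] for row in db.execute(sql, (customer,))]

# Assumed allow-list for this field; adjust to the real data model.
CUSTOMER_PATTERN = re.compile(r"[a-z0-9_]{1,32}")

def handler_hardened(event, db):
    # Every event source (HTTP trigger, queue, storage notification) is
    # treated as untrusted: check type and shape before using the field.
    customer = event.get("customer")
    if not isinstance(customer, str) or not CUSTOMER_PATTERN.fullmatch(customer):
        raise ValueError("rejected event: invalid customer field")
    return query_bound(customer, db)

# Constructed events, as a trigger might deliver them to the function.
BENIGN_EVENT = {"customer": "alice"}
TAINTED_EVENT = {"customer": "x' OR '1'='1"}

if __name__ == "__main__":
    print("vulnerable, tainted:", handler_vulnerable(TAINTED_EVENT, make_db()))
    print("bound only, tainted:", query_bound(TAINTED_EVENT["customer"], make_db()))
    try:
        handler_hardened(TAINTED_EVENT, make_db())
    except ValueError as exc:
        print("hardened, tainted:", exc)
```

The vulnerable handler returns every customer's rows for the tainted event, while binding alone returns nothing and the validated handler rejects the event before any query runs.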