Measures to ensure Cyber
Security in a serverless
environment
https://fibonalabs.com/
There is a lot that can be said and written when it comes to cyber security. But
in the past few years, the game has changed completely with the increase in
remote setups and the uncertainty about how long they will continue. Cyber
security in business has taken a different path altogether. So it is worth
learning about the measures that can be taken to ensure cyber security in a
serverless environment.
Serverless Environment: Brief Introduction
A serverless environment/architecture is a way of running applications
without any physical server or specific infrastructure.
It is a virtual setup where the server, along with the applications, is managed
via cloud computing. It has innumerable benefits:
1. It saves the cost of setting up a proper physical server and its
maintenance.
2. The overall cost is reduced.
3. It speeds up the process of deployment and updates.
4. The serverless environment is wide and expandable to a great extent.
Apart from this, you can have other benefits such as:
● It saves a lot of time in terms of commuting.
● You can work anywhere around the world irrespective of your office’s
location.
● It gives you the flexibility of making any place your home (of course abiding
by your organization’s rules).
Serverless Environment: Cyber Security Threats
In a serverless environment, vulnerability to attack increases to a great extent,
which calls for quick and advanced action to ensure cyber security in a
business. Let’s have a look at some of the cyber security threats in
a serverless environment.
● Injection Flaws: The most common cause of cyber security threats is
function event-data injection. Unlike web environments, in serverless
environments it is difficult to tell trusted paths from untrusted ones. In
such cases, the interpreter takes untrusted information and executes it.
This makes the whole environment quite vulnerable to attacks. The most
common examples of injection flaws in a serverless environment are:
1. Function runtime code injection (happens in Node.js/JavaScript, Python,
C#, Java, etc.)
2. SQL injection
● Authentication Gets Broken: A serverless environment contains a
number of functions, as it is a microservices-type environment. Not every
one of these functions is completely secure, as they can expose
public web APIs. Some of them can act as proxy functions for various
processes, thus exposing the entry points of the environment and posing a
great threat to cyber security.
● Incorrect Configuration Settings: As we all know, the concept of a
serverless environment is not very old; hence, it is still a learning curve for
computer architects and engineers to set a properly configured
This may lead to misconfiguration or incorrect configuration of the
environment, which in turn increases the risk of loopholes that can
compromise cyber security.
● Granting High-Level Permissions: Giving high-level permissions for
accessing confidential data via a serverless environment is another way of
inviting threats. This could result in the mishandling of information by
performing unintended operations such as “executing system function”.
● Improper Monitoring of Logs: Though most organizations make it a point
to constantly monitor the logs/activities of users, especially in a serverless
environment, it is quite possible that they lag behind in it. As monitoring of
logs is done in real-time, missing out on any suspicious activity can result
in a mismatched audit trail, thus increasing the risk of cyber-attacks.
● Untrusted Third-Party Dependencies: With the latest open-source
frameworks, app development has become easier, but it has also made
the serverless environment vulnerable. It takes just a small piece of code to
inject a virus while a developer is calling a third-party service through API calls.
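The function event-data injection described in the list above, as an added example that is not from the original slides: one function reached through two trigger types, with the query built by string concatenation beside a validated, parameter-bound version. The event shapes, the table and all handler names are simplified assumptions constructed for illustration.

```python
import re
import sqlite3

# Allow-list for the owner field; the pattern is an assumption of this example.
OWNER_RE = re.compile(r"[a-z0-9_]{1,32}")

# Constructed events, simplified from an HTTP-style and a queue-style trigger.
HTTP_EVENT = {"queryStringParameters": {"owner": "alice"}}
QUEUE_EVENT_TAMPERED = {"Records": [{"body": "alice' OR '1'='1"}]}


def make_db():
    """Constructed in-memory table standing in for the function's data store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders (owner, item) VALUES (?, ?)",
        [("alice", "laptop"), ("bob", "phone"), ("carol", "router")],
    )
    return db


def extract_owner(event):
    """Read the owner value from either trigger shape.

    Every trigger is an entry point: the value is untrusted whether it
    arrived over HTTP or from a queue another service writes to.
    """
    if "queryStringParameters" in event:
        return (event["queryStringParameters"] or {}).get("owner")
    records = event.get("Records") or []
    return records[0].get("body") if records else None


def handler_vulnerable(event, db):
    """Weak form: event data becomes part of the SQL text itself."""
    owner = extract_owner(event)
    sql = "SELECT item FROM orders WHERE owner = '%s' ORDER BY id" % owner
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, owner):
    """Parameter binding: the driver passes owner as data, never as SQL."""
    rows = db.execute(
        "SELECT item FROM orders WHERE owner = ? ORDER BY id", (owner,)
    )
    return [row[0] for row in rows]


def handler_hardened(event, db):
    """Hardened form: validate against the allow-list, then bind."""
    owner = extract_owner(event)
    if not isinstance(owner, str) or not OWNER_RE.fullmatch(owner):
        return {"statusCode": 400, "items": []}
    return {"statusCode": 200, "items": lookup_bound(db, owner)}


if __name__ == "__main__":
    db = make_db()
    for label, event in (("http", HTTP_EVENT), ("queue", QUEUE_EVENT_TAMPERED)):
        print(label, "vulnerable:", handler_vulnerable(event, db))
        print(label, "hardened:  ", handler_hardened(event, db))
```

The tampered queue message makes the concatenating handler return every owner's rows, while the bound query treats the same string as a literal that matches nothing.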
Now, let’s have a look at the measures to strengthen it.
How to Make a Serverless Environment More Reliable?
Several measures have been taken by organizations to ensure maximum cyber
security in a business. Some of the most remarkable ones are listed below:
● Permission at Every Step: As mentioned above, granting high-level
permission makes the environment more vulnerable to threats. Hence,
introducing permissions at every function helps in the micromanagement of
cyber security. The more restrictions are imposed on the usage of
● Checking Every Bit of Data Carefully: No matter how reliable the source
of data is, we should keep checks at every point by properly evaluating
every program and every line of code. It goes without saying that even the
finest developers can miss damages like file intrusion attacks, so
evaluation at even the smallest step is compulsory.
● Collection of Real-time Security Events: It is highly recommended by
experts to have proper data monitoring of real-time security events. This
helps in detecting threats and stopping them at a very initial stage.
Taking advantage of AWS services like AWS X-Ray, Amazon CloudTrail,
and Amazon CloudWatch is a great option to avail of third-party security
services.
● Frequent Risk Assessment: A serverless environment can expose
confidential data through various functions. Therefore, it is important to
conduct risk assessment exercises on a regular basis. Further, data
encryption tightens the boundaries for any sort of cyber-attack.
● Introduce Secure Authentication: Make full use of enormously beneficial
tools like Microsoft’s Azure AD. These tools help in creating a complex
You can also enforce steps that can nullify the effect of a potential threat.
● Privatization of API Gateways: You can set a limit for the number of
clients to access your API gateways. The smaller the number of clients, the
less vulnerable API gateways will become. Hence, make these gateways
private and completely deprived of any sort of cyber-attack.
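One way to review the "Permission at Every Step" measure above, as an added example that is not from the original slides: a check that walks each function's IAM-style policy document and reports Allow statements with wildcard actions, wildcard resources or NotAction. The function names, the sample policies, the account id and the ARNs are constructed placeholders.

```python
# Constructed sample: one policy document per function (placeholder ARNs).
SAMPLE_POLICIES = {
    "thumbnailer": {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowAll", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}
        ],
    },
    "order-reader": {
        "Version": "2012-10-17",
        # A single statement may appear as an object instead of a list.
        "Statement": {
            "Sid": "ReadOrders",
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:Query"],
            "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/orders",
        },
    },
    "report-writer": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:PutObject"],
             "Resource": ["arn:aws:s3:::example-reports/*"]},
            {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
            {"Effect": "Deny", "Action": "*", "Resource": "*"},
        ],
    },
}


def _as_list(value):
    """Policy fields may hold one value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement id, issue, value) tuples for over-broad Allow statements."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", "statement[%d]" % index)
        for action in _as_list(stmt.get("Action")):
            if "*" in action:
                findings.append((sid, "wildcard action", action))
        for excluded in _as_list(stmt.get("NotAction")):
            # Allow + NotAction grants everything except the listed actions.
            findings.append((sid, "allow with NotAction", excluded))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((sid, "wildcard resource", resource))
    return findings


def audit_functions(policies):
    """Audit every function's policy; an empty list means nothing was flagged."""
    return {name: audit_policy(doc) for name, doc in policies.items()}


if __name__ == "__main__":
    for name, findings in audit_functions(SAMPLE_POLICIES).items():
        print(name, "OK" if not findings else findings)
```

Findings are prompts for review rather than proof of a fault, since some actions can only be granted on all resources.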
Apart from these measures, there are general safeguarding techniques, like
training of staff, endpoint protection, continuous data backup, usage of secured
Wi-Fi connection, etc. that encourage cyber security in a business.
THANK YOU

 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Measures to ensure Cyber Security in a serverless environment

  • 1. Measures to ensure Cyber Security in a serverless environment https://fibonalabs.com/
  • 2.
  • 3. There is a lot that can be said and written when it comes to cyber security. But in the past few years, the game has changed completely with the rise of remote work and the uncertainty about how long it will continue. Cyber Security in business has taken a different path altogether. It is therefore worth learning about the measures that can be taken to ensure Cyber Security in a serverless environment. Serverless Environment: Brief Introduction A serverless environment/architecture is a way of running applications without any physical server or without a specific infrastructure.
  • 4. It is a virtual setup where the server along with the applications is managed via cloud computing. It has innumerable benefits: 1. It saves the cost of setting up a proper physical server and its maintenance. 2. The overall cost is reduced. 3. It speeds up the process of deployment and updates. 4. The serverless environment is wide and expandable to a great extent. Apart from this, you can have other benefits such as: ● It saves a lot of time in terms of commuting.
  • 5. ● You can work anywhere around the world irrespective of your office’s location. ● It gives you the flexibility of making any place your home (of course abiding by your organization’s rules). Serverless Environment: Cyber Security Threats In a serverless environment, the vulnerability to attack increases to a great extent, which calls for quick and advanced actions to ensure cyber security in a business. Let’s have a look at some of the cyber security threats in a serverless environment.
  • 6. ● Injection Flaws: The most common cause of cyber security threats is function event-data injection. Unlike web environments, in serverless environments it is difficult to tell trusted paths from untrusted ones. In such cases, the interpreter takes untrusted information and executes it. This makes the whole environment quite vulnerable to attacks. The most common examples of injection flaws in a serverless environment are: 1. Function runtime code injection (happens in Node.js/JavaScript, Python, C#, Java, etc.) 2. SQL injection
  • 7. ● Authentication Gets Broken: In a serverless environment, there exist a number of functions, as it is a microservices-type environment. Each of these functions is not completely secure, as they can expose public web APIs. Some of them can act as proxy functions for various processes, thus exposing the entry points of the environment and posing a great threat to cyber security. ● Incorrect Configuration Settings: The concept of a serverless environment is not very old; hence, it is still a learning curve for computer architects and engineers to set a properly configured
  • 8. This may lead to misconfiguration or incorrect configuration of the environment, which in turn increases the risk of loopholes that can compromise cyber security. ● Granting High-Level Permissions: Giving high-level permissions for accessing confidential data via a serverless environment is another way of inviting threats. This could result in the mishandling of information by performing unintended operations such as “executing system function”.
  • 9.
  • 10. ● Improper Monitoring of Logs: Though most organizations make it a point to constantly monitor the logs/activities of users, especially in a serverless environment, it is quite possible that they fall behind on it. As monitoring of logs is done in real time, missing out on any suspicious activity can result in a mismatched audit trail, thus increasing the risk of cyber-attacks. ● Untrusted Third-Party Dependencies: With the latest open-source frameworks, app development has become easier, but it has also made the serverless environment vulnerable. It takes just a small piece of code to inject a virus while a developer is calling a third-party service through API calls.
  • 11. Now, let’s have a look at the measures to strengthen it. How to Make a Serverless Environment More Reliable? Several measures have been taken by organizations to ensure maximum cyber security in a business. Some of the most remarkable ones are listed below: ● Permission at Every Step: As mentioned above, granting high-level permission makes the environment more vulnerable to threats. Hence, introducing permissions at every function helps in the micromanagement of cyber security. The more restrictions are imposed on the usage of
  • 12. ● Checking Every Bit of Data Carefully: No matter how reliable the source of data is, we should keep checks at every point by properly evaluating every program and every line of code. It goes without saying that even the finest developers can miss damages like file intrusion attacks, so evaluation at even the smallest step is compulsory. ● Collection of Real-time Security Events: It is highly recommended by experts to have proper data monitoring of real-time security events. This helps in detecting threats and stopping them at a very initial stage.
  • 13. Taking advantage of AWS services like AWS X-Ray, Amazon CloudTrail, and Amazon CloudWatch is a great option to avail of third-party security services. ● Frequent Risk Assessment: A serverless environment can expose confidential data through various functions. Therefore, it is important to conduct risk assessment exercises on a regular basis. Further, data encryption tightens the boundaries for any sort of cyber-attack. ● Introduce Secure Authentication: Make full use of enormously beneficial tools like Microsoft’s Azure AD. These tools help in creating a complex
  • 14. You can also enforce steps that can nullify the effect of a potential threat. ● Privatization of API Gateways: You can set a limit for the number of clients to access your API gateways. The smaller the number of clients, the less vulnerable API gateways will become. Hence, make these gateways private and completely shielded from any sort of cyber-attack. Apart from these measures, there are general safeguarding techniques, like training of staff, endpoint protection, continuous data backup, usage of secured Wi-Fi connection, etc. that encourage cyber security in a business.
  • 15.
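
The event-data injection flaw listed under Injection Flaws, and the per-input checking recommended under Checking Every Bit of Data Carefully, shown as an added Python example that is not part of the original slides: the same untrusted value reaches a function through an HTTP-style and a queue-style trigger. The event shapes, handler names, table and payload are constructed for illustration, with an in-memory SQLite table standing in for the function's database.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for the function's real database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", "laptop"), (2, "bob", "phone"), (3, "carol", "tablet")])
    return db

def extract_customer(event):
    """Pull the 'customer' field out of two hypothetical trigger shapes."""
    if "queryStringParameters" in event:      # HTTP-style trigger
        return (event["queryStringParameters"] or {}).get("customer")
    if "Records" in event:                    # storage/queue-style trigger
        return event["Records"][0].get("body")
    return None

def vulnerable_handler(event, db):
    # Event data is concatenated into the SQL text, so the interpreter
    # executes whatever the event carried.
    customer = extract_customer(event)
    sql = "SELECT id FROM orders WHERE customer = '%s'" % customer
    return [row[0] for row in db.execute(sql)]

CUSTOMER_RE = re.compile(r"[a-z0-9_]{1,32}")  # allow-list for the field

def hardened_handler(event, db):
    # 1. Validate the field no matter which trigger delivered the event.
    customer = extract_customer(event)
    if not isinstance(customer, str) or not CUSTOMER_RE.fullmatch(customer):
        raise ValueError("rejected event: invalid customer field")
    # 2. Bind the value as a parameter so it is never parsed as SQL.
    rows = db.execute("SELECT id FROM orders WHERE customer = ?", (customer,))
    return [row[0] for row in rows]

# Constructed events: one payload arriving through two different triggers.
PAYLOAD = "x' OR '1'='1"
HTTP_EVENT = {"queryStringParameters": {"customer": PAYLOAD}}
QUEUE_EVENT = {"Records": [{"body": PAYLOAD}]}
GOOD_EVENT = {"Records": [{"body": "bob"}]}

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, queue event:", vulnerable_handler(QUEUE_EVENT, db))
    print("hardened, valid event:  ", hardened_handler(GOOD_EVENT, db))
```

The queue-style event never passes through a web front end, which is why validation belongs inside the function rather than only at an API gateway.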