LASCON 2017

Serverless is the design pattern for writing applications at scale without the necessity of managing infrastructure. This is done across the continuum of cloud—from storage as a service to database as a service, but the center of serverless is functions as a service (FaaS). (Current FaaS offerings include AWS Lambda, Azure Functions, and Google Cloud Functions.) Now processes run for milliseconds before being destroyed and then get instantiated for subsequent requests.

Serverless adds simplicity and a new economic model to cloud computing, but it creates some unique security challenges. In serverless architectures, technologies like antivirus and intrusion detection become meaningless. James Wickett explores practical security approaches for serverless in four key areas—the software supply chain, the delivery pipeline, data flow, and attack detection—and examines how traditional approaches need to be adapted to serverless.

Even if you don’t have any experience with serverless, don’t worry; this session starts with the basics. You’ll learn what serverless is (hint: it’s still being defined) and practical patterns for serverless adoption.