Serverless Security Explained
Serverless computing is a method of providing backend services on an as-used basis. A serverless cloud provider allows users to write and deploy code—without the hassle of worrying about the underlying infrastructure. While serverless computing confers many benefits and is enjoying rapid adoption, organizations need to assess the security implications and how to address them. This blog will explore serverless security risks and best practices. I will also cover how to leverage BeyondTrust Privileged Access Management (PAM) products to better secure your serverless computing environment.
Why the Rise of Serverless Computing?
When initially embracing cloud computing, organizations adopt:
- Infrastructure-as-a-Service (IaaS) models that abstract physical hardware
- Platform-as-a-Service (PaaS) models that abstract operating systems
Now, companies are looking at serverless computing to further separate from server and infrastructure management. This separation allows for applications to not only be cloud hosted, but also to operate without the limitations of physical hardware and the need to provision resources within their environment. Key benefits of this evolution to serverless services include the simplified deployment and management of microservices.
With that said, serverless is not a new concept. Organizations have always relied on servers and infrastructure to host data and applications, which they can personally configure and manage.
How Serverless Computing Works
Serverless computing is enabled by two categories of cloud computing services:
1. Function-as-a-Service (FaaS)
Also known as serverless computing, function-as-a-service is possibly the most abstract of the cloud computing models and the most “cloud” of them. The service user writes code that runs either monolithically (one large application), as microservices interacting to supply a function or application, or somewhere in between, using both concepts.
The FaaS code runs as needed, rather than persisting in memory between runs, by storing results or states to a persistent storage medium, that is, a database. This allows dynamic allocation of resources for execution, rather than reserving resources for a process that may not need it.
When the code is not running, there are no computer resources used. Thus, minimal (if any) costs are associated with the runtime. The application developers aren’t concerned with the infrastructure at all, just the code. This model keeps the background execution environment hidden and managed.
As an example, serverless databases extend the serverless services model to applications. This both eliminates the need to manage database server infrastructure and provides direct database access without all the overhead. Here’s a diagram of this architecture:
2. Backend-as-a-Service (BaaS)
As the name partly suggests, these are backend, off-the-shelf, microservice products, such as authentication, database management, remote updating, and cloud storage.
BaaS allows you to utilize out-of-the-box features and microservices from your BaaS cloud provider to remove the need to code them yourself.
Examples of BaaS microservices include:
- Cloud storage
- Database management
- Email verification
- Push notifications
- Security settings
- User authentication
Serverless security considerations
Under a serverless computing model, the cloud services provider is responsible for securing the server(s), ensuring security patches are being applied, correctly configuring firewall rules, and maintaining updated antivirus and other infrastructure security protections. Any updates to these security controls should be invisible to the customer.
Serverless services are highly available—the customer should not have to worry about maintaining uptime or monitoring of any infrastructure. Also, the solution is scalable and is automatically provisioned when resources are required.
Yet, as with all cloud service provisions, there are security risks and other implications. The predominant serverless computing security risk pertains to the data passed between functions. However, it’s also important to be aware of data held at rest between executions. This data is the lifeblood of the system—any opportunity to poison data could lead to a catastrophic failure.
Serverless security risks and best practices
Despite cloud hosting (typically), serverless computing environments are vulnerable to similar risks as with on-premise environments. Common serverless security risks include:
Increased Attack Surfaces
There are several input and event sources to serverless, including HTTP APIs, cloud storage, IoT device connections, and queues. These inputs significantly increases the attack surface since some of parts may contain untrusted message formats. Moreover, these formats may lack proper monitoring or auditing by the standard application layer protection. The methods and connections to fetch input data can represent attack vectors.
Unsecure configurations in the settings offered by the CSP can increase the vulnerability of serverless applications to cyberattacks. Threats can range from denial-of-service attacks due to misconfigured timeout settings between functions and host as well denial-of-wallet (DoW) attacks when attackers exploit function links. Using unprotected functions from public repositories also causes DoW attacks due to leakage of sensitive data. The unprotected functions may contain unprotected secrets and keys.
Due to the nature of serverless applications and their use of microservices, an authentication failure in a single function can impact every other function within the application. Thus, attackers can target a single function to get access to the system.
Each function within a serverless application has its own roles and permissions. This poses challenges, including the tendency for serverless application to be granted excessive privileges, especially if the function makes many interactions. This excess privilege Is a target for threat actors.
Take, for example, a function that regularly accesses a database and updates other functions within the ecosystem. This function may be broadly provisioned privileges to ensure it can perform its tasks. While high levels of privilege may be needed for some of the function’s tasks, other tasks may need minimal or no privileges. This means execution of the over-privileged tasks represents an outsized risk, due to their excessive privileged attack surface.
How BeyondTrust Secures Serverless Computing
By implementing BeyondTrust Privilge Access Management (PAM) solutions, you can address key risks and ensure serverless security best practices across your environment. Below are four key ways customers apply BeyondTrust solutions to protect their serverless computing environment.
1. Manage all Privileged Accounts and Credentials
In serverless computing, there is a risk around authentication to the application and back-end services. Accounts and passwords used for authentication could be compromised if the password is weak or mismanaged and secured. Also, if the authentication doesn’t utilize MFA, a threat actor need only compromise the account password to gain access.
Beyondtrust Password Safe can address these challenges. Organizations can leverage Password Safe to securely manage any accounts used for authentication within the serverless environment.
Password Safe manages all types of privileged accounts and credentials (privileged passwords, SSH keys, DevOps secrets, etc.). In serverless instances, this often includes the keys for any developer code or user authentication accounts. Access to such accounts and platforms can be further protected by integrating Password Safe with MFA for any users who need to access the serverless environment via Password Safe.
2. Implement Granular Access Controls and Least Privilege
Regardless of how the data is accessed (a developer running an application on their local machine to produce code, database admins accessing backend services, etc.) there always exists a risk of over-provisioned privileges for users, and access to the application and data held.
Developers may require local admin rights to run applications. When authenticating to code an application, the developer’s privileges may exceed what they need to carry out their tasks.
BeyondTrust endpoint privilege management products (Privilege Management for Windows & Mac and Privilege Management for Unix & Linux) can ensure developer machines run applications in accordance with the principle of least privilege. Applications can be run by the users without granting the user excess privilege. The BeyondTrust solution also enables you to exercise controls over such tools as PowerShell command to prevent unapproved commands and scripts from running.
3. Monitor & Audit Access
Most organizations lack clear visibility into how access is occurring in the serverless environment. This activity could range from developers and users accessing the data within the application, to administrators managing the environment. Without visibility, IT and security teams struggle to mitigate malicious activity, or even address potentially damaging human errors.
Developers and administrators who access and manage the serverless environment could broker access via the Beyondtrust solution, which can monitor and audit access to the environment using custom applications and platform management. This could range from defining custom applications of developer tools through to specific platform support for Azure and AWS environments, if the serverless applications are hosted within them. Regardless, session recording and activity is captured for any user access.
BeyondTrust can also log user workstation activity. Application activity can be logged on Windows and Mac platforms. On Linux devices, both sudo activity and session activity within terminal sessions is logged.
The visibility provided by BeyondTrust enables rapid detection of potential issues, with the ability to prevent or mitigate damage.
4. Secure and Verify Data in Transit
One challenge when accessing and maintaining a serverless application environment, is ensuring the security of data when developers may be connecting to the environment from many remote locations. Users may leverage a variety of tools with different levels of security. The organization may lack important visibility into such connections and activities. This presents challenges with regard to meeting cyber insurance requirements and compliance regulations, as well as potential attack vectors an adversary could exploit.
BeyondTrust can help secure remote connections, consolidate toolsets, and provide greater visibility into access and session activities through our Privileged Remote Access product. Through a single access console, users can securely access their serverless environment and connect using our session and jump connectivity. This can range from shell jumps or even advanced web access. Users can connect either through the console, or can securely leverage their own native SSH tools with our BYOT capabilities. All such connections will be audited, and role-based-access can be leveraged to ensure users only have access to the target endpoints they need.
In addition, our Password Safe product can also be used to provide secure connectivity and enhanced auditing of such connections, while also adding privileged account and secrets management capabilities to help authenticate and secure privileged connections.
The connection between end users and the serverless applications should always be secure and leverage https, wherever possible, for an SSL encrypted connection. BeyondTrust Privileged Remote Access can enable such connectivity, leveraging session management to ensure data passed to an application is securely transferred and verified.
The diagram above shows how BeyondTrust can help secure a serverless computing environment. Access to the environment is secured using Privileged Remote Access and Password Safe, while the serverless admin’s machine is locked down and managed via our endpoint privilege management capabilities, which are provided through our Privilege Management for Windows & Mac and Privilege Management for Unix & Linux products.
Next steps to improve your serverless security
In serverless computing environments, the application is no longer hosted within a traditional corporate network. Yet, the enterprise must ensure access is secured and monitored. Least privilege should be enforce to minimize the pathways for any potential threat actors. Also, it’s vital that any privileged accounts or secrets used within the application—either for user authentication of service accounts or for non-interactive tasks—are managed and protected.
BeyondTrust provides multiple ways to improve security around your serverless computing environment and other infrastructure. Contact us to learn how we can help you protect your environment.
Brendan Casey, Solutions Engineer
Brendan Casey is a Solutions Engineer, EMEIA for BeyondTrust, where he has worked for 6 years. Brendan has over 20 years’ experience in the information technology industry working across multiple industries ranging from healthcare, education, and the SME sector. During his career he has held a variety of roles including on the helpdesk, implementation teams, consulting and presales.
Brendan is customer focused and passionate about delivering solutions that meet client requirements, solve business issues, improve efficiencies, and bring value to an organization. Listening to customers’ requirements and understanding their challenges and aspirations ensures he helps customers to achieve their goals.