A new trend for developers is emerging, as many companies shift towards using serverless computing. The name is a bit misleading, as serverless computing still relies on servers for storing data, but those who use serverless computing leave the maintenance of the server to their provider. They pay only for the storage needed to execute the code they develop.
Serverless security is a fascinating topic. As more organizations move to distributed architectures and new ways of running their services, new security considerations arise. I spoke about this topic at APIdays Paris 2020 last week, and today, I wanted to recap some of what I covered. Let’s start with the basics: what exactly is serverless, and what does it change in the ways we create software?
Did you know that you can use Bearer with serverless functions? While serverless, or cloud functions, might not be your first choice for making API calls they can be a great way to proxy API requests or even act as a lightweight API gateway. They also offer a great way to bring some of the benefits of Bearer into the Jamstack. The set up process is similar to installing the Bearer Agent into a traditional app, but there are a few things to watch out for.
Lambdas are a great addition to the tech ecosystem by Amazon. They can help bootstrap projects and fulfill a wide range of specific use cases. Given their usefulness, at some point, you may want to add authentication capabilities. When using AWS Lambdas, you can use the API Gateway to handle authentication and it works just fine. The only pain point is how annoying it is to correctly set everything up and have a good dev experience.
Server architecture can differ in a lot of ways, but the three main categories would be on-prem, cloud and serverless. Some believe that cloud and serverless can be used interchangeably, which is not the case. To help clear up some confusion, this blog post will explain each of them and how it affects the security work.
ClearDATA provides cloud services and DevOps expertise to help healthcare and life science companies realize the benefits of the cloud. Our mission is to make healthcare better by helping conservative, heavily regulated healthcare entities innovate safely in the cloud.