Cloud Security is a Wild Card

BY KURT MARKO

FaaS could increase risk by adding attack surfaces that are unique to a particular function and not considered during application design. 

For example, a Lambda function assumes an AWS IAM role that controls the resources it can use, including things such as security keys for third-party APIs. If this role is not properly constrained, the function might have unintended access to databases, S3 buckets and other data, not to mention access to external SaaS or social network accounts that could be exploited should the function be compromised in an attack.

Similarly, functions used to handle web pages (forms, transactions) could be subject to DDoS attacks that could both disrupt the application and generate additional usage costs. 

These risks can be mitigated by using AWS WAF (Web Application Firewall) to apply rate limiting and to blacklist addresses identified as abusive; however, it’s an added step that can easily be overlooked.
