Back To Schedule
Tuesday, January 24 • 12:00pm - 12:50pm
Serverless is teh Hawtness for Defenders and DevOps

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Serverless is a design pattern gaining a lot of traction in DevOps shops. The serverless pattern allows scale without managing the servers or processes running the application. This is done across the continuum of cloud--from storage as a service to database as a service but the center of serverless is Functions as a Service (FaaS). FaaS offerings on the market include AWS Lambda, Azure Functions, and Google Cloud Functions. Now processes run for milliseconds before being destroyed and then get instantiated for subsequent requests.

Security changes under serverless and our traditional modes of firewalling and hardening all the things just won’t cut it. Practices like vulnerability discovery, code scanning and intrusion detection change in a serverless architecture. Other changes for serverless include how applications are built and deployed to how teams are structured.

This session will focus on practical security approaches and the four key areas of serverless security: software supply chain, delivery pipeline, data flow and attack detection. Even if you don’t have any experience with serverless, don’t worry, in this session we will start with the basics. You will learn what serverless is (it’s still being defined) and practical patterns for serverless adoption.  

avatar for James Wickett

James Wickett

Head of Research, Signal Sciences
James is a leader in the DevOps and InfoSec communities–most of his research and work is at the intersection of these two communities. He is a supporter of the Rugged Software movement and he coined the term Rugged DevOps. Seeing the gap in software testing, James founded an open... Read More →

Tuesday January 24, 2017 12:00pm - 12:50pm PST
Sand and Sea Room