- Dana Epp
Serverless platform security in Azure Functions

I'm a big fan of serverless compute, especially in Azure with Azure Functions. The idea of using serverless computing is so appealing as an ISV, as I don't have to fret about servers, infrastructure and operating systems... they are managed for me.
However, that doesn't mean I can abdicate responsibility when it comes to security. It's important to understand that in a shared responsibility model like the one used in the public cloud, knowing where my responsibilities begin and end is paramount.
Microsoft recently published "Azure Functions and serverless platform security", a document outlining the security considerations for serverless computing. It's worth the read.
It includes several key concepts that everyone should understand, including:
- Injection flow in Azure Functions
- Fragmented authentication
- Privilege and role considerations
- Monitoring and logging
- Data flow and data security considerations
- Exception handling
Along with that, the guidance includes a whole section on how to secure the Microsoft serverless platform that you deploy.
Good stuff. Thanks for the continued documentation, Microsoft. Love seeing this sort of thing!