• Dana Epp

Serverless platform security in Azure Functions


I'm a big fan of serverless compute, especially in Azure with Azure Functions. The idea of using serverless computing is so appealing as an ISV, as I don't have to fret about servers, infrastructure and operating systems... they are managed for me.


However, that doesn't mean I can abdicate responsibility when it comes to security. It's important to understand than in a shared responsibility model like what is handled in the public cloud, knowing where my responsibilities begins and ends is paramount.


Microsoft recently published "Azure Functions and serverless platform security", a document outlining the security considerations for serverless computing. It's worth the read.


It includes several key concepts that everyone should understand, including:

  • Injection flow in Azure functions

  • Fragmented authentication

  • Privilege and role considerations

  • Monitoring and logging

  • Data flow and data security considerations

  • Exception handling

Along with that guidance includes a whole section on how to secure the Microsoft serverless platform that you deploy.


Good stuff. Thanks for the continued documentation Microsoft. Love seeing this sort of thing!

© 2020 by Dana Epp

  • White Twitter Icon
  • LinkedIn - White Circle