ISSN : 2583-2646

Secure DevOps in Serverless Architectures: Reducing Risks in Event-Driven Workflows

ESP Journal of Engineering & Technology Advancements
© 2022 by ESP JETA
Volume 2  Issue 1
Year of Publication : 2022
Authors : Gaurav Shekhar
DOI : 10.56472/25832646/ESP-V2I1P118

Citation:

Gaurav Shekhar, 2022. "Secure DevOps in Serverless Architectures: Reducing Risks in Event-Driven Workflows", ESP Journal of Engineering & Technology Advancements, 2(1): 157-167.

Abstract:

Serverless computing is becoming dominant as more organizations adopt it to improve scalability and minimize operational burden, and event-driven architectures present unique security challenges that need to be addressed. By their very nature, serverless models involve functions triggered by all sorts of events, which inherently decentralizes control over resources and distributes data flows. For this paradigm, DevOps practices must be reimagined: security must be maintained while staying agile. This paper investigates ways to secure DevOps workflows in the context of serverless architectures, in particular how these risks are mitigated across distributed triggers, ephemeral compute instances and third-party integrations. We focus on using security automation, real-time monitoring, and policy enforcement to protect the life cycle of serverless applications. Security event sources are secured, Zero Trust principles are enforced, and AI-driven anomaly detection is leveraged, along with IaC, for consistent security baselines. We argue for Secure DevOps using case studies and best practices that showcase how serverless deployments can be robust, scalable and compliant. The objective of this research is to give DevOps and security teams the means to take action before new threats emerge, so that serverless technology innovation doesn't trump security and compliance.

Keywords:

Serverless Computing, Secure DevOps, Zero Trust, Infrastructure as Code (IaC), Security Automation, Anomaly Detection.