Cloud Computing – 2022 Top Threats – part 5
Misconfiguration and Exploitation
of Serverless and Container Workloads
The shift to cloud infrastructure and the implementation of DevOps practices have enabled IT teams to speed up the delivery of value to the business. However, the management and scaling of infrastructure and security controls to run applications remain a challenge for development teams. Traditional IT teams, accustomed to on-prem environments, must now adapt to new skills such as Infrastructure as Code and cloud security and take on added responsibility for the network and security controls of their applications. Although serverless and cloud-native containerized workloads offer a potential solution by transferring responsibility to the Cloud Service Provider (CSP), it necessitates a higher degree of cloud and application security maturity than merely moving virtual machines to the cloud.
In a serverless architecture, the security and management of the underlying infrastructure are transferred to the Cloud Service Provider (CSP). This reduces the attack surface area, as the CSP runs function code in short-lived containers by default, limiting the persistence of exploits through a constantly refreshing system. Should the customer be permitted to set up serverless containers with longer lifetimes and “warm start” configurations though, this increases the security risk. Other dangers include the possibility of sensitive information being exposed through a temporary file system and shared memory and access to temporary storage being utilized for hosting or executing malware. It is crucial for the application code to erase any data stored in temporary storage.
The serverless responsibility model creates a more intricate and complex environment. According to a study by Netskope, 4% of the IAM policies evaluated had complete administrative access, and 60% had the AWS Administrator Access role. If these permissions were granted to a publicly accessible AWS serverless Lambda function, the potential for vulnerabilities would be substantial, including access to the cloud environment, sensitive data exposure, and AWS account hijacking.
The absence of control over the underlying infrastructure can restrict the potential for resolving application security concerns and hinder the view of standard security tools. As a result, it is crucial to establish robust organizational strategies for cloud use best practices, application security, monitoring, access management, and secrets management to minimize the damage from a potential attack.
The use of serverless and containerized workloads can bring about great benefits in terms of speed, cost-effectiveness, ease of operations, and even security. However, the lack of proper knowledge and thoroughness in implementing serverless technology in applications can result in devastating security breaches, data loss, and financial exhaustion.
Serverless and Container Workloads good practices:
- To enhance security, organizations should adopt automated evaluation through Cloud Security Posture Management, Cloud Infrastructure Entitlement Management, and Cloud Workload Protection Platforms.
- To reduce the risk of insecure cloud configurations and decrease the occurrence of such incidents, investments should be made in cloud security training, governance processes, and the development of secure cloud architecture patterns.
- Prior to migrating to serverless technologies, which remove traditional security measures, development teams should be extra diligent in implementing strong application security practices and engineering best practices.