What is it about?

Serverless computing helps teams build and deploy applications faster. But that speed can hide security risks and create the false impression that security is no longer your responsibility. In reality, moving fast without thinking about security from the beginning can lead to fast failures. Serverless systems are event-driven and constantly changing, which makes it harder to define and control trust boundaries. Every input must be carefully validated, events must be isolated, and permissions should follow the principle of least privilege. Traditional security approaches, designed for long-running servers, don’t work well in environments where functions are short-lived and tightly connected to many other services. This increases the overall attack surface.

Why is it important?

This paper explores how attackers target serverless applications, including the tactics and techniques they use. It also clarifies accountability within the shared responsibility model, reminding organizations that even if they no longer manage servers, they are still responsible for securing their applications and configurations. Additionally, it provides practical best practices across the entire serverless lifecycle. The goal is to help organizations enjoy the speed and flexibility of serverless computing without sacrificing security and resilience.

Read the Original

This page is a summary of: From Bare Metal to Bare Minimum: Reframing Responsibility in Serverless Computing Using LynxLab, October 2025, Institute of Electrical & Electronics Engineers (IEEE),
DOI: 10.1109/cars67163.2025.11337719.