"I'll just run my task in the cloud" - Legends and myths of security in Serverless [ukr]
I'm a big fan of vervain-free technologies and almost always prefer them over more traditional methods. Cloud Run instead of GKE, Fargate instead of EKS, Pub/Sub instead of Kafka, and Aurora instead of RDS. It's cheaper, easier to manage, less infrastructure... But what about security? Is it really possible to be sure that your serverless processes (and data) are secure?
In this talk, we will consider what can be done from the developer's point of view, what security tools exist at the organizational level, and how the approach to security differs in different clouds and services.
Let's talk about:
- How serverless products change your attack surface
- Vulnerabilities in serverless architecture and how to deal with them
- Best practices in the protection of serverless technologies
- Cloud Architect at Zencore
- Natalie is a systems/DevOps/cloud/platform engineer with a strong interest in data platforms and security
- Originally from Kharkiv, Ukraine, she studied and worked in Switzerland before coming to London and evolving her career from banking giants with their own datacenters, to a unicorn healthcare scaleup, to a tiny boutique cloud consultancy
- She's a Google developer expert in Cloud Platform and can be often spotted at conferences and meetups
- When not staring at yaml files, she enjoys traveling, photography, and tequila
- Twitter, Linkedin, Instagram, Medium