We are big believers in serverless computing — we think it could be the next major shift in cloud computing, and fundamentally change the way organisations build their applications.
With new infrastructure comes new security challenges, which is why we’ve joined the team at Puresec on their journey to become the global leaders in Serverless Security.
Meet the team
We were introduced to the Puresec team in early 2018 by our friends and co-investors at TLV Partners and we were instantly struck by how talented they were.
Shaked Zin and Avi Shulman came from elite units in the Israel Defence Forces across cyber, intelligence and commando units. They are passionate, hungry, unbelievably intelligent and the type of entrepreneurs you are desperate to work with: transparent, inquisitive, open and humble.
They added to their founding team an industry veteran in Ory Segal. Ory is a world-renowned application security expert, with over 20 years of experience. He was part of the team that built the world’s first WAF (web application firewall) and is a well-respected security thought leader.
Puresec has already achieved a lot in its short history and is clearly recognised as one of the leaders in the industry. We are incredibly excited and humbled the team chose us to join them and can’t wait to see what lies ahead.
A Very Quick History Lesson
An an on-premise world, organisations are fully responsible for every element of their infrastructure — they have to purchase, store, network, configure, and manage each and every one of the servers they need to run their business. There are very few organisations in the world that have the scale to do this efficiently and cost-effectively.
The birth of the cloud dramatically changed this, with cloud providers — think AWS, Microsoft Azure, Google Cloud Platform, IBM Cloud etc. — now managing the hardware, and leasing it out to organisations on an as-needed basis. This shift dramatically reduced the total cost of ownership (TCO) for organisations, made it quicker and easier to scale, reduced spend on idle capacity, and allowed engineers to focus more on their own business.
Serverless — The Next Cloud Evolution
There are a million and one “what is serverless computing?” primers available, so we’ll keep the 101 brief.
Serverless computing is the next major evolution of cloud computing. In yesterday’s cloud world, organisations still need to calculate how many servers they need and when, they still need to provision, configure and manage those servers, and they still need to pay for the servers they requested even if they aren’t using them.
With the advent of serverless computing, the cloud providers are taking on more and more of this responsibility. Organisations simply write the code for the functions they want to perform — process a payment, store information in a particular database, etc. — and the cloud providers automatically determine how much compute power is required and when, and immediately allocate the appropriate resources. As soon as that code has stopped functioning, the servers switch off and the customer stops paying.
Serverless computing magnifies the benefits that the cloud brought to the on-premise world: cost savings, no idle capacity, rapid/easy scaling, teams focused on core tasks instead of infrastructure management and increased speed to market.
Serverless Computing is the future, and already the present
Serverless computing is early in its development, but growing fast. Google, IBM and Microsoft are all investing heavily in their own serverless platforms, with AWS taking a leadership position with AWS’s Lambda the most widely adopted.
Serverless is already featuring at the biggest conferences. At AWS re:Invent in November 2018, these were the most talked about technologies:
Given the benefits to an entire organisation using serverless — developers (focus, speed and agility) and growth teams (scale and cost) — it’s unsurprising that both startups and major companies are adopting it at speed: Netflix, Coca Cola, iRobot, Thomson Reuters, are all singing the praises of the technology.
Security for Serverless is a New Paradigm
An additional benefit of moving to serverless is that the cloud provider takes responsibility for more of the security burden–great for users. This also presents an exciting security challenge, because securing your application in a serverless architecture is a completely new problem to solve. This is for two reasons
1. Today’s application security products work by being deployed onto the servers that run those applications. To protect the application, you protect the server and the network. With serverless, clients have no control of the servers their functions run on, so there is nowhere to deploy the security product.
2. Current solutions primarily protect http/https traffic. The types of attacks in a serverless world are much more varied, effectively rendering today’s solutions redundant.
As users shift to serverless, finding a solution that can provide comprehensive security will be critical.
We believe that we know the team who are building the operational standard for this new and exciting category. Learn more about them and the transformative shift to serverless on their website.