INSUBCONTINENT EXCLUSIVE:
PureSec, a startup out of Israel emerged from Beta today to provide a way to make serverless computing more secure.Serverless computing
reduces programming to writing functions, so that when a certain event happens, it triggers an automated action
The cloud vendor takes care of the underlying infrastructure and developers just write the code
It may sound like Shangri La for tech, but in reality there are still security concerns.You might think that a process that lasts only
milliseconds wouldn&t be subject to conventional kinds of attacks, but the fact is serverless functions are designed to take human checks
and balances out of the equation, says company co-founder Ory Segal, and if you don&t set up the functions correctly you could be
vulnerable.As with any type of cloud security, there is a shared security model with serverless computing
On the vendor side, they ensure their data centers and systems are secure, but at the application level, it up to the developer
Certainly we have seen many instances where applications have been left exposed and data has leaked.Segal says the function may be only a
few lines of code triggering an action, but the action usually involves interacting with one or more external services
When that happens, there is an opportunity to manipulate the function and make it do something it wasn&t designed to do such as inject
malicious code.The product looks at your serverless code and lets you know which vulnerabilities you may have left exposed
It can even fix those problems for you if you wish
It also allows you to configure a security profile for your code from a dashboard and see a log of activity to track problems when they
occur.Screenshot: PureSecSegal says when the company launched in 2016, it was just a couple of years after AWS launched its Lambda
At the time, it was not widely used or understood
Serverless computing remains very early in its development, but in order to grow it needs a set of underlying tools like security to really
take off.PureSec is built from the ground up to provide serverless security, and itself is built on top of serverless architecture
As Segal points out, traditional security products require underlying infrastructure to deploy something either on the server or network
With serverless architecture, there is no underlying architecture on which to deploy until event is triggered and the cloud provider figures
out what compute, memory and storage is required to complete the process.The company had been in Beta mode up until today and has raised $3
million in seed investment, according to Crunchbase
It has 11 employees based in Tel Aviv.
