The Inner Circle

  • 1.  CCM for Serverless and Kubernetes

    Posted May 08, 2020 09:42:00 AM
    How are you guys working or dealing with security controls when it comes to serverless and Kubernetes? I think CCM will help me, but the question is: there is no physical server involved in serverless, which can be easily eliminated; however, at the same time, what else can be eliminated or added specific to serverless? Has anyone worked on something similar?

    Thanks

    ------------------------------
    Adnan Rafique Cloud Security Leader
    ------------------------------


  • 2.  RE: CCM for Serverless and Kubernetes

    Posted May 10, 2020 02:57:00 PM
    Hello
    2 pointers for you for the serverless part.
    • "The Serverless Cloud Security Model: A Point Of View" [1]
    • "Deploy security controls for serverless apps with infrastructure-as-code tools" [2]

    [1] https://www.cloudtp.com/doppler/the-serverless-cloud-security-model-a-point-of-view/
    [2] https://conferences.oreilly.com/velocity/vl-ca-2018/public/schedule/detail/66568 for the slides.

    ------------------------------
    Olivier Caleff - CSA French Chapter - Chapter Leader - https://CloudSecurityAlliance.fr
    ------------------------------



  • 3.  RE: CCM for Serverless and Kubernetes

    Posted May 11, 2020 08:05:00 AM
    Edited by John Kinsella May 11, 2020 08:05:37 AM
    Adnan - the serverless security working group is researching this right now if you care to add your thoughts. You're asking the right question - it's not just what risks have gone away, but what new ones are we now faced with trying to mitigate?

    As to when a paper will be out - I'm not the lead so will stay mum there. :)

    ------------------------------
    John Kinsella
    ------------------------------



  • 4.  RE: CCM for Serverless and Kubernetes

    Posted May 11, 2020 11:13:00 AM
    Interesting.
    Yes, I'm working on a project, or maybe two, and am in a situation where I have to do a security review and also develop a baseline framework which, in my thought process, should work across all the major CSPs. However, this is one of the most complex hybrid scenarios I can think of.

    --

    Regards

    Adnan Rafique