What is serverless computing?

There is a technology that is present in the execution of almost all the activities we carry out on the Internet: cloud computing. Cloud storage consists of storing information managed by an organization or company on servers external to it and to which the company itself can access at any time and remotely. For example, when you access your banking information you are using cloud computing without realizing it.

Cloud computing has not only given companies greater storage capacity, but also computing power. In this scenario, in recent years there has also begun to be talk about a new computing paradigm: serverless computing or computing without a server. Contrary to what it means, it is not a serverless architecture, but software developers -those responsible for deploying applications in the cloud, which could be considered customers of the cloud provider (Amazon, Google, Salesforce, etc.- , they don’t have to worry about configuring or managing the servers because those tasks are taken care of by the cloud provider.

What is serverless computing?

When we mention serverless computing, we are referring to a new paradigm that in the future is likely to become the dominant way to deploy applications in the cloud. Being applicable to edge computing, that is, when we bring the processing as close as possible to where the data is being generated.

In serverless computing, application logic is broken down into a set of small, ephemeral, stateless functions that communicate with each other and with various cloud services (for example, storage services) to accomplish their tasks. Today’s serverless architectures are often event-driven. In this way, functions can be executed on receipt of a wide range of events. As happens when a new data is added to a database, when receiving an email or when obtaining a new measurement from a sensor, among others.

The serverless computing model separates itself from monolithic systems and microservices, offering a form of payment for the resources that each application consumes. A totally noticeable difference with previous cloud models, where users pay a fixed amount for the resources allocated (regardless of the resources the application consumes). In addition, this ecosystem is developed according to the needs of the organization, so it is not necessary to make a large outlay of capital.

2 models of serverless computing

Along these lines, thanks to the effectiveness of the serverless method, today we can distinguish between two types of architectures: Function as a Services (FaaS) and Backend as a Services (BaaS).

• BaaS is a service that automates back-end development, through third-party services and applications. The central idea behind BaaS is to offer software developers a set of services and tools (databases, APIs, file storage, etc.) to facilitate and speed up the development of mobile and web applications.
• FaaS is a model that focuses on allowing software developers to deploy and run their own functions in the cloud – here, the functions can also use additional services, such as those offered in BaaS. At the moment, FaaS is considered the most dominant serverless model.

Advantages of implementing a serverless computing model

The implementation of serverless computing offers numerous advantages to the user. Some of them we have already mentioned throughout the article, others are the following:

• The serverless model allows software developers to outsource all infrastructure management as well as operational tasks to cloud providers, allowing them to focus on writing the code for their applications.
• It follows a pay-as-you-go model, that is, it is only charged based on the resources consumed.
• It offers unlimited, fast, automatic scaling of resources up and down to match demand, from zero to near infinity.

Characteristics of serverless computing

One of the handicaps of the serverless model is that its functions can be activated from various sources, expanding the attack surface. Each of the functions that run within this architecture performs a single task and is therefore forced to interact with other shared cloud services and, despite the fact that there are security policies that specify which functions and services in the cloud you can access each function, being such a complex environment, security policies are prone to configuration errors that open the door to security attacks.

Most of the security responsibilities for serverless computing fall on cloud providers. Whereas, software developers are responsible for maintaining security at the application level. Therefore, for them, it is vitally important to follow the best security practices when writing serverless functions in order to reduce the chances of bugs -software defects- in these, which may lead adversaries to launch attacks.

However, this architecture offers greater resistance against various types of Denial of Service (DoS) attacks that aim to saturate network bandwidth, trigger many heavy computing actions in parallel, or exploit application flaws. For example, to cause infinite loops. That is, a failure that consists of carrying out a cycle that is repeated infinitely, because its condition to end is never met.

Despite the fact that this technology saw the light of day at the Amazon Web Services event in 2014 and various cloud providers have entered the world of serverless platforms, there is still a lot of work ahead. One of the main challenges is the security of this model. With the increasing volume and diversity of attacks against the cloud, we believe that security and privacy will be a key factor that, if not addressed, could hinder the widespread adoption of serverless computing.

For the moment, we can say that we are facing an evolution in the development of applications in the cloud without a server. Where there is still much to investigate, learn and apply. Serverless computing is a challenge in itself that requires design decisions related to service monitoring (QoS), scaling, and fault tolerance ownership to be handed over to the cloud provider.