- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Serverless and containers are two of the hottest topics in the software world. They are by no means identical technologies, but in the abstract, they function in similar ways. This article answers those questions by comparing and contrasting serverless and containers.
Serverless and containers are two of the hottest topics in the software world. They’re also two technologies that share a lot in common. After all, both are ways to deploy code inside isolated, discrete environments. They are by no means identical technologies, but in the abstract, they function in similar ways.
Much confusion exists about best practices and security management and how they differ between the two. Among the issues to consider, you must decide how to change your architecture strategy when dealing with serverless functions as opposed to containers.
This article answers those questions by comparing and contrasting serverless and containers. We’ll provide an overview of what these two technologies have in common and explain how deployment, management, and security strategies for serverless workloads and containerized workloads compare.
A detailed definition of serverless and containers is not necessarily needed for now, but here are quick definitions:
Serverless – Refers to an architecture in which code is executed on-demand. Serverless workloads are typically in the cloud, but on-premises serverless platforms exist, too.
Containers – Provide portable environments for hosting an application, or parts of an application. The most common container platform today is Docker; although, the containerization concept dates back to the introduction of the chroot call to Unix in the late 1970s.
While serverless functions and containers are designed to meet different needs and are deployed using different tools, they share a lot in common. Here are some examples:
The list could go on, but these are the essential traits that containers and serverless functions share in common.
Given the similarities described above, you might think the strategy you use for managing and securing serverless functions can be employed for containers, too. You’d be right—to an extent.
The following are the key components of a software management and security strategy that apply to containers as well as serverless functions.
Dynamic Baselining
In both a containerized environment and a serverless one, there is no such thing as “normal.” Instead, the number of containers or serverless functions running at a given time and the level of communication between them fluctuates constantly. That is why it’s critical to leverage monitoring and security tools that support dynamic baselines, which means they can adjust automatically to recognize anomalous behavior, even in environments that are constantly changing.
Third-Party Dependency Management
It’s common for both containers and serverless functions to import third-party code when they run. For that reason, managing and securing code from upstream sources is critical in both contexts. That means knowing where the code comes from and gaining early awareness of any stability or security problems associated with it, so you can fix the issues before they cause problems.
Access Control
Although serverless functions and containers run inside environments that are relatively isolated from each other and the host server, that isolation is not absolute. A serverless function or container that experiences a performance problem or security breach could affect other resources in undesirable ways. That’s why it’s critical to take advantage of access-control systems to lock down which resources your functions and containers can access. You don’t want a coding flaw or security breach inside your serverless function or containers to lead to massive consumption of cloud resources, for example, or to crash another container or server.
API Testing and Security
Since APIs are so important in the context of both containers and serverless, testing and securing APIs is critical for both types of environments.
In other respects, however, serverless and containers require fundamentally different management and security techniques.
Managing and Securing the Host Environment
Resource Consumption
Cloud Frameworks
In short, containers and serverless are similar in several key respects and the strategies you use to manage them and keep them secure should be similar, too. However, there are some very important differences when it comes to managing and securing certain dimensions of a serverless or containerized workload, such as the extent of the responsibility you bear for the host environment and the tools you can use.
In a simple world, your container and serverless strategies could be identical, but in the real world, you have to factor these variations in when you make a plan for keeping your serverless functions and containers lean, mean, and secure.
Learn more about securing and managing containers and serverless, register to view the on-demand cloud native security summit.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
3 Likes | |
2 Likes | |
2 Likes | |
1 Like | |
1 Like |