Promising trends in the serverless infrastructure market
The serverless infrastructure, which enables cloud-native application development without the need to manage servers, is growing. According to market research, it is set to grow into a $21.9 billion market by 2025 from $7.9 billion in 2020. This growth affects several sub-markets including API management, app design and consulting, analytics, monitoring, automation, integration, and security.
Another study estimates that the serverless market grew three times in 2020 compared to 2019. This study focuses on the growth in AWS Lambda (most mature and widely used), Azure Functions, and Google Cloud Functions. Also, it was observed that serverless framework downloads hit 25 million in 2020, up from 12 million in 2019.
This growth is unsurprising given how this relatively new technology is capable of reducing costs and operational complexities, which results in greater efficiency for development and IT operations. There is a lot to look forward to in the serverless market. However, with this growth comes the inevitable rise of threats organizations should pay meticulous attention to.
Serverless computing definitely has its advantages, but just like other new technologies, it has the pitfall of being adopted by users blindly. Many IT teams use the tech without doing security consultations, which opens up significant opportunities for cybercriminals as they exploit security loopholes and weaknesses created in the process of deploying new infrastructure.
Protecting a serverless architecture from cyberattacks is highly challenging for businesses because of its distributed nature. Conventional cyber defenses are not suitable for securing it given how serverless applications become loosely coupled and event-driven under a serverless framework. As reported by Infosecurity Magazine, a fifth of open-source serverless apps have critical vulnerabilities.
The problem aggravates when an organization operates hundreds of accounts across different providers and geographical locations. Each of these accounts requires separate protection that cannot be afforded by broad-based traditional cybersecurity solutions. Additionally, there are security visibility issues, since app developers are relegated to the driver’s seat in serverless computing. Development projects may be rushed while compromising on security, and the developers are forced to accept the predicament.
Serverless security protection is a crucial concern for any organization that is considering the idea of serverless architecture. The good thing is that this does not have to be complicated and difficult. There are solutions designed to embed into systems to establish cyber defenses against new attack vectors associated with serverless functions.
The security of the serverless architecture is expected to improve as more users adopt it and security firms correspondingly pay more attention to developing the appropriate security solutions for it. "We expect security vendors to deliver solutions that uncover blind spots and control serverless. We also expect companies to adopt new distributed policies for compliance and control requirements," said cybersecurity expert Gadi Naor in an article on TechBeacon.
Serverless computing is generally regarded to have a robust ecosystem of tools and platforms. However, the fact that it is still quite new makes it clear that it still lacks standardization and interoperability. A whitepaper by the Cloud Native Computing Foundation notes that this lack of standardization can become problematic as it forces organizations into getting locked in with specific vendors.
The release of Knative, however, is seen as a crucial development in expediting the standardization of the serverless architecture. Knative, an open-source collaborative project between Google, IBM, SAP, Pivotal, and Red Hat, makes it easier to build and deploy container-based serverless apps. It promotes the use of standard functions and features such as cloudevents to give developers something common to work on. As such, they are able to develop interoperational "polycloud" applications.
This push towards standardization is not going to be fast and easy, though. It does not mean that serverless application codes will quickly become portable across different cloud platforms. Things will take time, and some industry pundits even doubt if such portability could ever happen.
Improved application testing
Along with the trends of standardization security improvement comes the rise of better application testing under serverless environments. Remote app testing already exists, but it is designed for individual function testing and not for serverless app assessments. Also, current remote app testing methods do not have uniform testing models and tend to be fragmented.
The growing popularity of serverless computing encourages the development of more suitable testing options. There are viable ways to address the testing conundrum, and security vendors are already working to provide suitable solutions.
Expansion into hybrid IT
The serverless infrastructure can gain more adopters by expanding into hybrid IT. This integration with hybrid IT can also accelerate mainstream use among enterprise application users. Hybrid serverless models that cover multiple cloud environments and data centers contribute to the maturity of the technology, especially with the serverless infrastructure’s integration with other technologies including traditional app architectures and microservers.
Not all organizations will turn to the serverless model. The common practice of running some apps on AWS and others on public clouds and on-premise data centers will most likely remain the same. Thus, the hybrid setup is inevitable. While AWS Lambda is considered to be driving the growth of the serverless market, it is unlikely for companies to embrace it as the lone cloud provider.
Many companies will be using the serverless framework for the deployment of hybrid serverless cluster workflows. This can be used in data pipelines, machine learning training pipelines, machine learning deployment pipelines, and the pushing of Docker container images to ECR.
The serverless infrastructure is complex and known for its high level of abstraction, attributes that make it notably challenging to observe and monitor. Things are expected to improve in 2021 as serverless adoption increases and the demand for more complex serverless apps rises.
The emergence of open source initiatives such as OpenMetric and OpenTracing is already making an impact on serverless observability. Other tools such as AWS CloudWatch, Dashbird, AWS X-ray, Epsagon, Thundra, and IOpipe are also contributing to the maturity of the serverless model.
Observability and monitoring are critical in the development, testing, and operation of serverless applications. With these addressed adequately by the development of more tools, it becomes easier and more sensible for companies to start going serverless.
Creating more use cases
Ultimately, the trends highlighted above facilitate the expansion of serverless use cases. From relatively simple tasks such as scheduled tasks and periodic data processing to more critical ones such as web app and data processing, the use of the serverless model is set to grow and serve more business functions particularly when it comes to entertainment and IoT.
The serverless market is still relatively new and is naturally going through various challenges as it matures. However, the trends point to better experiences and more applications.
Image Credit: Pixabay
Peter Davidson works as a senior business associate helping brands and start ups to make efficient business decisions and plan proper business strategies. He is a big gadget freak who loves to share his views on latest technologies and applications.