1
00:00:00,000 --> 00:00:02,580
FaaS and Serverless.

2
00:00:02,580 --> 00:00:03,860
When I talk about FaaS,

3
00:00:03,860 --> 00:00:06,690
I'm talking about function as a service.

4
00:00:06,690 --> 00:00:10,100
Now, function as a service is a really cool new technology,

5
00:00:10,100 --> 00:00:12,110
and it is really one of these newer technologies

6
00:00:12,110 --> 00:00:14,750
that we're using inside the cloud computing world.

7
00:00:14,750 --> 00:00:15,700
A lot of traditionalists

8
00:00:15,700 --> 00:00:17,390
don't like the idea of function as a service

9
00:00:17,390 --> 00:00:19,560
because there are some risks involved with it

10
00:00:19,560 --> 00:00:21,510
which we'll talk about as we go through this lesson,

11
00:00:21,510 --> 00:00:23,280
but I do want you to be aware of this concept

12
00:00:23,280 --> 00:00:24,730
because as an analyst,

13
00:00:24,730 --> 00:00:26,740
I personally think function as a service

14
00:00:26,740 --> 00:00:28,450
is a large part of the future,

15
00:00:28,450 --> 00:00:30,270
and we're going to have to learn how to use these things

16
00:00:30,270 --> 00:00:32,440
and how to be able to analyze them for security

17
00:00:32,440 --> 00:00:33,780
as we move forward.

18
00:00:33,780 --> 00:00:36,620
Now, when I talk about function as a service or FaaS,

19
00:00:36,620 --> 00:00:38,120
what exactly is that?

20
00:00:38,120 --> 00:00:39,650
Well, it's a cloud service model

21
00:00:39,650 --> 00:00:42,060
that supports serverless software architecture

22
00:00:42,060 --> 00:00:45,050
by provisioning runtime containers in which code is executed

23
00:00:45,050 --> 00:00:47,380
in a particular programming language.

24
00:00:47,380 --> 00:00:49,800
Now, that's a really long way of saying

25
00:00:49,800 --> 00:00:52,850
we are going to be able to run things and make applications

26
00:00:52,850 --> 00:00:55,400
without actually having our own servers.

27
00:00:55,400 --> 00:00:57,050
Now, that sounds pretty cool, right?

28
00:00:57,050 --> 00:00:59,010
Because, now, I don't know about you,

29
00:00:59,010 --> 00:01:01,540
but I've been a system administrator for a long time,

30
00:01:01,540 --> 00:01:02,990
about 20 years,

31
00:01:02,990 --> 00:01:05,890
and the idea of having to run all my own servers

32
00:01:05,890 --> 00:01:08,620
and be able to run my own patches and do the updates

33
00:01:08,620 --> 00:01:10,910
and do all the testing and do all that stuff,

34
00:01:10,910 --> 00:01:13,140
just to be able to run a simple integration program

35
00:01:13,140 --> 00:01:15,423
like the one I talked about between Freshdesk and Udemy

36
00:01:15,423 --> 00:01:17,700
to be able to make tickets go back and forth,

37
00:01:17,700 --> 00:01:19,080
sounds like a lot of work.

38
00:01:19,080 --> 00:01:20,600
And so, function as a service

39
00:01:20,600 --> 00:01:22,140
eliminates the need for me to do that.

40
00:01:22,140 --> 00:01:24,810
Instead, I can write the code in something like Python

41
00:01:24,810 --> 00:01:27,060
and then run it in this environment.

42
00:01:27,060 --> 00:01:28,520
Now, when we talk about serverless,

43
00:01:28,520 --> 00:01:30,980
you notice that keyword in this definition.

44
00:01:30,980 --> 00:01:32,600
Serverless is a software architecture

45
00:01:32,600 --> 00:01:35,570
that runs functions within virtualized runtime containers

46
00:01:35,570 --> 00:01:39,200
in a cloud rather than on dedicated server instances.

47
00:01:39,200 --> 00:01:41,220
So, when you deal with serverless,

48
00:01:41,220 --> 00:01:43,110
everything in serverless is developed

49
00:01:43,110 --> 00:01:45,560
as a function or a microservice.

50
00:01:45,560 --> 00:01:48,180
We want to be able to give it an input and get an output.

51
00:01:48,180 --> 00:01:51,460
And the service should do one thing and only one thing.

52
00:01:51,460 --> 00:01:53,220
So, you can design it, build it,

53
00:01:53,220 --> 00:01:55,850
and test it completely independently.

54
00:01:55,850 --> 00:01:58,320
Now, who is using things like serverless

55
00:01:58,320 --> 00:02:00,040
and function as a service?

56
00:02:00,040 --> 00:02:01,230
Do you know any big examples

57
00:02:01,230 --> 00:02:03,420
or big companies out there doing this now?

58
00:02:03,420 --> 00:02:06,340
Well, one of the biggest ones out there is Netflix.

59
00:02:06,340 --> 00:02:09,040
That's right, if you've watched any Netflix recently,

60
00:02:09,040 --> 00:02:11,100
you've been actually using serverless.

61
00:02:11,100 --> 00:02:14,710
Netflix delivers over 10 billion hours of video

62
00:02:14,710 --> 00:02:18,060
to 125 million customers every quarter

63
00:02:18,060 --> 00:02:20,310
and they do this using serverless.

64
00:02:20,310 --> 00:02:21,870
They do this because they're able to serve

65
00:02:21,870 --> 00:02:23,250
that large of an audience

66
00:02:23,250 --> 00:02:26,260
by using a wide range of highly complex infrastructure

67
00:02:26,260 --> 00:02:30,100
that relies on AWS, specifically its serverless capability

68
00:02:30,100 --> 00:02:31,480
known as Lambda.

69
00:02:31,480 --> 00:02:34,410
Now, all of this is done using this AWS Lambda,

70
00:02:34,410 --> 00:02:36,200
which is a serverless environment.

71
00:02:36,200 --> 00:02:40,450
Essentially, Amazon runs all of these underlying servers

72
00:02:40,450 --> 00:02:42,560
and Netflix doesn't have to worry about them at all.

73
00:02:42,560 --> 00:02:44,000
All Netflix needs to do is know

74
00:02:44,000 --> 00:02:45,440
that when they give them code

75
00:02:45,440 --> 00:02:47,520
that's written in Python or some other language,

76
00:02:47,520 --> 00:02:49,170
Lambda can run it and they don't care

77
00:02:49,170 --> 00:02:51,500
about what that looks like underneath that.

78
00:02:51,500 --> 00:02:53,660
Now, we're going to talk more about how this actually works,

79
00:02:53,660 --> 00:02:56,550
but Netflix is using this AWS Lambda

80
00:02:56,550 --> 00:02:58,430
to essentially build this rule-based

81
00:02:58,430 --> 00:03:00,230
self-managing infrastructure

82
00:03:00,230 --> 00:03:02,760
that replaces a lot of the old inefficient processes.

83
00:03:02,760 --> 00:03:04,440
And it helps them reduce the rate of errors

84
00:03:04,440 --> 00:03:07,630
and save them lots of time and lots of money.

85
00:03:07,630 --> 00:03:09,710
One of the great things about doing serverless

86
00:03:09,710 --> 00:03:10,810
is that it eliminates the need

87
00:03:10,810 --> 00:03:13,260
to manage physical or virtual servers.

88
00:03:13,260 --> 00:03:15,360
Instead, you just get the service you need,

89
00:03:15,360 --> 00:03:17,900
which is something that can run some kind of a language.

90
00:03:17,900 --> 00:03:20,180
For instance, mine runs Python.

91
00:03:20,180 --> 00:03:21,140
Now, when you do this,

92
00:03:21,140 --> 00:03:23,360
you're not paying for these servers all the time either.

93
00:03:23,360 --> 00:03:25,370
You're only paying when they're executing.

94
00:03:25,370 --> 00:03:27,090
So, my particular automation

95
00:03:27,090 --> 00:03:29,090
only runs once every couple hours.

96
00:03:29,090 --> 00:03:32,810
And when it does that, it runs for maybe 3 to 30 seconds.

97
00:03:32,810 --> 00:03:35,940
When I get a bill, it's for that 3- to 30-second increment

98
00:03:35,940 --> 00:03:38,630
four times a day or six times a day or 12 times a day,

99
00:03:38,630 --> 00:03:39,700
or however often I do it.

100
00:03:39,700 --> 00:03:41,850
And so, the bill for this for us

101
00:03:41,850 --> 00:03:43,440
is less than a dollar a month.

102
00:03:43,440 --> 00:03:45,690
It is super cheap to use these things.

103
00:03:45,690 --> 00:03:48,430
Now, Netflix's bill is a lot more money, but again,

104
00:03:48,430 --> 00:03:49,263
you're only paying for the time

105
00:03:49,263 --> 00:03:51,500
that you're actually using processing.

106
00:03:51,500 --> 00:03:53,420
And so, this is a really great way to do things

107
00:03:53,420 --> 00:03:55,370
and it can save you a lot of money.

108
00:03:55,370 --> 00:03:57,160
Now, what are some real big benefits here?

109
00:03:57,160 --> 00:04:00,050
Well, for one, there's no patching 'cause there's no server.

110
00:04:00,050 --> 00:04:01,720
Two, there's no administration.

111
00:04:01,720 --> 00:04:03,040
You don't have to administer a server

112
00:04:03,040 --> 00:04:04,620
because it doesn't exist.

113
00:04:04,620 --> 00:04:07,380
And three, there's no file system monitoring because again,

114
00:04:07,380 --> 00:04:10,250
there's no server, you're just running code.

115
00:04:10,250 --> 00:04:12,040
Now, the underlying architecture here

116
00:04:12,040 --> 00:04:14,100
is going to be managed by your cloud service provider.

117
00:04:14,100 --> 00:04:16,100
So, if you're using AWS Lambda,

118
00:04:16,100 --> 00:04:17,900
it's Jeff Bezos and his team at Amazon

119
00:04:17,900 --> 00:04:19,820
who have to worry about the underlying architecture.

120
00:04:19,820 --> 00:04:20,960
They pay for the network.

121
00:04:20,960 --> 00:04:22,010
They pay for the servers.

122
00:04:22,010 --> 00:04:23,260
They pay for the operating system.

123
00:04:23,260 --> 00:04:24,480
They pay for the patching.

124
00:04:24,480 --> 00:04:25,950
They pay for all the security,

125
00:04:25,950 --> 00:04:27,670
and you just get to run your code.

126
00:04:27,670 --> 00:04:30,160
That's the benefit of using something like serverless.

127
00:04:30,160 --> 00:04:31,690
Now, what is your job, though,

128
00:04:31,690 --> 00:04:32,990
as a cybersecurity professional?

129
00:04:32,990 --> 00:04:36,680
Because if we don't have to patch and we don't have to scan

130
00:04:36,680 --> 00:04:40,310
and we don't have to operate in admin, what are we going to do?

131
00:04:40,310 --> 00:04:42,050
Well, that's a really good question.

132
00:04:42,050 --> 00:04:44,090
Our job here as cybersecurity analysts

133
00:04:44,090 --> 00:04:47,160
inside of this world of function as a service and serverless

134
00:04:47,160 --> 00:04:49,760
is to ensure that the clients accessing the services

135
00:04:49,760 --> 00:04:51,540
have not been compromised.

136
00:04:51,540 --> 00:04:54,080
Now, I'm not talking here about your end user's workstation.

137
00:04:54,080 --> 00:04:56,690
If you're Netflix, it's not your job to make sure

138
00:04:56,690 --> 00:04:59,480
that my home computer is properly patched and updated

139
00:04:59,480 --> 00:05:01,130
before I connect to your service.

140
00:05:01,130 --> 00:05:02,730
Instead, I'm more concerned

141
00:05:02,730 --> 00:05:05,220
with your developers' workstations and their accounts

142
00:05:05,220 --> 00:05:06,053
because they're the ones

143
00:05:06,053 --> 00:05:07,450
who are going to update the application code

144
00:05:07,450 --> 00:05:09,560
that's creating these functions and services.

145
00:05:09,560 --> 00:05:11,880
So, if I'm a programmer for Netflix,

146
00:05:11,880 --> 00:05:13,840
then you as a cybersecurity analyst need to make sure

147
00:05:13,840 --> 00:05:16,540
that my workstation is properly secured,

148
00:05:16,540 --> 00:05:18,830
that my credentials are properly secured,

149
00:05:18,830 --> 00:05:21,300
that I write my code in a very secure way.

150
00:05:21,300 --> 00:05:23,710
So, a lot of our job as cybersecurity professionals

151
00:05:23,710 --> 00:05:26,610
starts moving from the infrastructure side of things

152
00:05:26,610 --> 00:05:29,040
into more of the code analysis side of things.

153
00:05:29,040 --> 00:05:31,430
And that's why cybersecurity is such a broad field

154
00:05:31,430 --> 00:05:33,430
because there's all these different areas

155
00:05:33,430 --> 00:05:34,330
and that doesn't mean

156
00:05:34,330 --> 00:05:35,800
that we're going to be serverless tomorrow,

157
00:05:35,800 --> 00:05:38,310
that all infrastructure is going to go away because guess what?

158
00:05:38,310 --> 00:05:40,420
Amazon still has the underlying servers.

159
00:05:40,420 --> 00:05:42,570
And so, there is going to be some role for people

160
00:05:42,570 --> 00:05:45,260
to work at Amazon and Google and Microsoft

161
00:05:45,260 --> 00:05:46,770
to be able to run their programs

162
00:05:46,770 --> 00:05:48,910
and make sure they're being done securely.

163
00:05:48,910 --> 00:05:51,820
But when we talk about working for a company like Netflix,

164
00:05:51,820 --> 00:05:54,110
their cybersecurity folks are much more focused

165
00:05:54,110 --> 00:05:56,260
on looking at the code that their developers are making

166
00:05:56,260 --> 00:05:57,410
to make sure it's secure,

167
00:05:57,410 --> 00:05:59,150
to make sure their authentication systems are good,

168
00:05:59,150 --> 00:06:02,490
their authorization systems are good, and things like that.

169
00:06:02,490 --> 00:06:05,370
So, when it comes up to the idea of function as a service

170
00:06:05,370 --> 00:06:07,540
and serverless, we really have to ask the question,

171
00:06:07,540 --> 00:06:09,820
is it safe or is it risky?

172
00:06:09,820 --> 00:06:12,950
Well, with serverless, it does have some considerable risks

173
00:06:12,950 --> 00:06:14,200
that you have to consider.

174
00:06:14,200 --> 00:06:16,290
There are use cases and best practices

175
00:06:16,290 --> 00:06:18,340
when you're dealing with traditional infrastructure,

176
00:06:18,340 --> 00:06:20,040
but serverless and function as a service

177
00:06:20,040 --> 00:06:21,570
is still relatively new.

178
00:06:21,570 --> 00:06:24,180
So, you're kind of in uncharted territory here

179
00:06:24,180 --> 00:06:25,840
and being a bit of an adventure.

180
00:06:25,840 --> 00:06:28,300
That in itself makes it a bit more risky

181
00:06:28,300 --> 00:06:30,680
because we don't know the long-term implications of that.

182
00:06:30,680 --> 00:06:32,380
We don't know all the best cases

183
00:06:32,380 --> 00:06:34,330
and the best practices to use.

184
00:06:34,330 --> 00:06:36,040
Now, another thing that's risky about this

185
00:06:36,040 --> 00:06:37,190
is that you're fully dependent

186
00:06:37,190 --> 00:06:38,670
on the underlying service provider.

187
00:06:38,670 --> 00:06:40,450
So, I keep saying Amazon as an example,

188
00:06:40,450 --> 00:06:43,340
but Amazon is responsible for the dependency,

189
00:06:43,340 --> 00:06:45,270
the redundancy, and a lot of the security

190
00:06:45,270 --> 00:06:47,000
that underpin your services.

191
00:06:47,000 --> 00:06:48,810
And you're basically wishing all that away

192
00:06:48,810 --> 00:06:50,730
and hoping they do a good job.

193
00:06:50,730 --> 00:06:51,990
Now, that is one of the things

194
00:06:51,990 --> 00:06:54,820
that is a little bit more risky because, again,

195
00:06:54,820 --> 00:06:57,770
they haven't been doing this for a long, long, long time.

196
00:06:57,770 --> 00:07:00,270
They're good at what they do and they do the best they can

197
00:07:00,270 --> 00:07:01,260
to make sure everything's secure,

198
00:07:01,260 --> 00:07:03,970
but is it 100% secure and reliable?

199
00:07:03,970 --> 00:07:05,630
Well, maybe, maybe not.

200
00:07:05,630 --> 00:07:07,150
Is it better than what you could do yourself?

201
00:07:07,150 --> 00:07:09,370
Well, maybe, maybe not, that depends.

202
00:07:09,370 --> 00:07:10,610
And so, these are risk decisions

203
00:07:10,610 --> 00:07:12,590
the CIO and the CSO are going to make,

204
00:07:12,590 --> 00:07:14,700
and then you, as an analyst, are going to have to fall in line

205
00:07:14,700 --> 00:07:16,670
and work through those decisions, right?

206
00:07:16,670 --> 00:07:18,630
Because again, these are servers that you can't see,

207
00:07:18,630 --> 00:07:20,700
you can't touch because you don't own them.

208
00:07:20,700 --> 00:07:21,590
Amazon owns them.

209
00:07:21,590 --> 00:07:22,750
Microsoft owns them.

210
00:07:22,750 --> 00:07:24,010
Google owns them, right?

211
00:07:24,010 --> 00:07:25,470
You only have access to the code

212
00:07:25,470 --> 00:07:27,290
that you're running on top of them.

213
00:07:27,290 --> 00:07:29,570
Now, if you do decide to start working with serverless,

214
00:07:29,570 --> 00:07:31,080
I want you to remember that serverless

215
00:07:31,080 --> 00:07:32,850
depends on orchestration.

216
00:07:32,850 --> 00:07:34,970
It's all about automation and orchestration

217
00:07:34,970 --> 00:07:37,740
and being able to spin up and spin down resources

218
00:07:37,740 --> 00:07:39,220
very, very quickly.

219
00:07:39,220 --> 00:07:40,730
Now, a lot of that is done for you

220
00:07:40,730 --> 00:07:42,570
by the underlying services, but again,

221
00:07:42,570 --> 00:07:44,750
your code might need to take that into account

222
00:07:44,750 --> 00:07:46,190
as you're making those actions

223
00:07:46,190 --> 00:07:48,260
because if you're going to be using application logic

224
00:07:48,260 --> 00:07:49,760
just to be able to process an action,

225
00:07:49,760 --> 00:07:51,730
or read or write things to a database,

226
00:07:51,730 --> 00:07:53,500
or read or write a log transaction,

227
00:07:53,500 --> 00:07:55,990
or copy a file and deliver it to a user,

228
00:07:55,990 --> 00:07:58,210
all of these are things that require automation

229
00:07:58,210 --> 00:08:00,390
and connection between these different services

230
00:08:00,390 --> 00:08:02,580
that you're dealing with inside of the serverless

231
00:08:02,580 --> 00:08:04,583
or function as a service perspective.