Ensuring the Security of Serverless Applications Using the Zero Trust Approach

Yevhen Mykhailenko

Citation: Yevhen Mykhailenko, "Ensuring the Security of Serverless Applications Using the Zero Trust Approach", Universal Library of Engineering Technology, Volume 02, Issue 03.

Copyright: This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

The article examines the problem of securing serverless applications amid the rapid spread of cloud-native approaches and organizations’ transition to the code as a function model. The study aims to identify key threats arising from the use of serverless architectures and to justify the application of the Zero Trust concept as a foundational protection model. The topic’s relevance is determined by the diminishing efficiency of classic methods of perimeter security because of the ephemeral nature of the function, high speed of deployment, and distributed infrastructure character. The novelty of the paper includes carrying out a systematization of attack vectors in serverless environments and developing a holistic scheme for the application of Zero Trust at all stages of the application life cycle- starting from design and build up to running and monitoring. The analysis has proven that the major vulnerabilities in the serverless model are within identity and access management misconfigurations, an insecure supply chain, and event trigger exploitation. There is an overwhelming presence of both excessive privileges and vulnerable configurations. Make Zero Trust is an objective necessity. In practice, enforce multi-factor authentication and least-privilege design right from the design stage as signed artifacts cryptographically at build time, strict isolation, and egress control at runtime, plus continuous monitoring with automated response at the operations level. This set of measures makes it possible to localize threats and maintain application resilience without sacrificing flexibility and scalability. The article will be helpful to researchers in cloud security, practicing architects, and DevSecOps engineers, as well as executives making decisions about adopting modern protection models.


Keywords: Serverless, Zero Trust, Cloud Security, Identity and Access, Supply Chain, Vulnerabilities, DevSecOps.

Download doi https://doi.org/10.70315/uloap.ulete.2025.0203018