By Jeff Broth
The pandemic continues to play a significant role in the way trends are shaping up in 2022, with societies shifting, adapting, and developing new technologies and processes. The field of cybersecurity will be seeing new trends and changes in relation to new developments in how people do things and how cybercriminals are becoming more creative with their attacks.
Ransomware and remote work cyber threats rose to prominence in 2021, and they will likely linger over the next few years. However, there are other security challenges or concerns that are also expected to leave conspicuous footprints not only in the UK markets but also globally. The serverless infrastructure and Artificial intelligence of Things (AIoT), in particular, are among the highlights of this period.
A report by A2Z Market Research says that the global serverless computing market will grow at a CAGR of 23 percent for the 2020 to 2028 period. This significant growth is not surprising, given how many organizations already rely on cloud computing and other related technologies.
A form of utility computing, the serverless architecture can be regarded as a cloud computing execution model wherein the cloud provider becomes the server. In this capacity, the cloud (serverless solution) provider manages the allocation of machine resources dynamically. Customers only pay for the resources they use, not fixed units of capacity.
The serverless architecture provides a number of advantages, including flexibility, scalability, and more rapid time to release. Also, it frees developers from the need to constantly worry about the purchase, provisioning, and management of backend servers. It does not require constant server management, and updates are much more easily done. Moreover, using the serverless architecture can help address latency issues, as files can be transmitted faster, and codes can be run closer to the end-user.
However, these advantages also come with drawbacks in terms of cybersecurity. It is difficult to ascertain security when organizations rely entirely on third parties to run their backends. Also, serverless architecture entails multi-tenancy, which can be prone to data exposure if not configured properly. Organizations would have to make sure that their networks have reliable serverless security protection that includes full security visibility and automated mitigation measures. It is also important to sandbox critical functions and establish a powerful infrastructure that will not easily collapse under aggressive and sophisticated cyberattacks.
Serverless functions are faced with numerous attacks, including HTTP response splitting, HTTP method tampering, malformed content, path traversal, unvalidated redirects, command injection, cross-site scripting, cross-site request forgery, database access violation, CSS and HTML injection, and SQL injection. The serverless architecture can also add more attack surfaces if it does not have strong enough authentication, cryptography, browser caching, and cookie security.
Moreover, the serverless architecture complicates the process of testing and debugging. Developers cannot simulate serverless environments to conduct more thorough security testing. Developers also cannot easily examine backend processes because applications are divided into separate functions. It would be necessary to use special solutions or platforms to facilitate effective testing and debugging.
In an apparent nod to the growing risks associated with greater serverless architecture use, a forecast by Market Study Report says that the serverless security market will soar at 29.9 percent CAGR for the forecast period 2021-2027. It is expected to be worth $6.9 billion in the next five years. This growth is driven by the globalization of the cloud infrastructure, investments in leading serverless services, and the early adoption of related technologies.
Hikvision Digital Technology, a prominent IoT and vision systems firm, recently released its list of trends for the security industry in 2022. One of the notable items here is AIoT, which is a portmanteau of AI and IoT. It is expected to create new opportunities, but it also comes with new security challenges.
“AIoT is taking the security industry to a higher plane, automating the workflows and procedures of enterprises and aiding in the digital transformation of various industry verticals such as energy, logistics, manufacturing, retail, education, healthcare, etc,” Hikvision writes, in line with its projection that AI will be everywhere in the years to come.
The integration of artificial intelligence or machine learning and the Internet of Things is expected to result in more use cases for IoT. This means more businesses or organizations will be using web-connected devices in their day-to-day operations, expanding cyber-attack surfaces and creating more opportunities for organizations to commit mistakes that may weaken their security posture.
These mistakes include the faulty configuration of access controls, the continued use of outdated software, lack of encryption, unpatched application vulnerabilities, insufficient privacy protection, and the lack of a trusted execution environment.
AI is a great addition to IoT, as it can expand the functions of a multitude of web-enabled devices. However, with faulty design and implementation, it is difficult to ascertain that AIoT will not become a tool that assists threat actors in achieving their goals. Organizations would have to double down on their cybersecurity strategies and goals to make sure AIoT will create significantly more benefits than risks.
According to a study by Transparency Market Research, the AIoT market is set to grow at a CAGR of 30 percent for the period 2020-2030. This growth is driven by the growing demand for IoT with embedded AI tech to adopt edge analytics solutions and accelerate decision-making processes at certain points of operation. The increased adoption of AI-powered connected devices across industries is accelerating the development of more AIoT products and solutions.
Similar to what is happening in serverless architecture, there is a corresponding growth in security risks with AIoT’s increased adoption. Edge AI and machine learning expert Albert Liu says that security is the future of AIoT. If businesses want to take full advantage of this technology, they need to make sure they do it securely. Also, if AIoT solution providers want to broaden the reach and viability of their offerings, they need to ascertain the security of their products or services.
Serverless and AIoT are not strangers to each other. A few years back, there were already talks of combining these technologies to address global problems. There have been attempts to harness IoT to solve issues in agriculture, manufacturing, and other fields. However, success had been quite elusive for these efforts.
The failures are most attributed to data-related issues and a lack of skills and infrastructure. The rise of serverless is seen as a suitable complement in ensuring the success of IoT solutions for mass deployment. Serverless provides the advantages of lower costs, improved services, and notably easier setup and maintainability.
Additionally, it is important to emphasize the importance of security in all of these. Both serverless and AIoT have security challenges that should be addressed first for them to deliver their optimum benefits and make sure that their fusion does not create even more complex security challenges.
Jeff Broth is a business writer and advisor, covering finance, cyber, and emerging fintech trends. He has consulted for SMB owners and entrepreneurs for eight years.