What is Serverless Computing?

We all use mobile phones. Many of us use a fixed data plan that charges us for a threshold amount of data per day or month. Anything above this limit is charged at a premium. Now, it’s not necessary that you will use each byte of data for which you’re paying. In fact, most of the data goes unused.


This can be compared to the traditional computing system. Companies had to invest bundles of money in buying costly servers. With the advent of cloud computing, companies could rent storage space on the cloud, which was cheaper than buying servers, but most companies miscalculated and leased more space than needed.

Now, continuing with our mobile phone analogy. Post-paid or pay-as-you-use plans are the preferred choice of most mobile phone users. You pay only for the quantum of data that you use. You don’t have to shell out a minimum amount, neither are you penalized for overuse.

This can be compared to serverless computing. Developers can code but companies need not purchase servers or rent cloud space. Servers are involved but developers aren’t concerned with them. So, ‘serverless’ computing is not actually ‘serverless.’


Why Serverless Computing?

The main benefit of switching to serverless computing is cost savings. You pay only for the services that you use. The entire infrastructure is maintained by the vendor. This is not only cheaper but also scales up and down easily. As your backend services expand and you need more server space, you can easily obtain it. You won’t have to shell out on servers, physical space, and technicians to maintain the servers.

There are other benefits of serverless computing:

  • Scalability: Scaling up or down is never an issue with companies that opt for serverless architecture. Their developers can do limitless coding while the server vendors look after increasing or decreasing system capacities.
  • Easy coding: Developers can easily write independent methods that invoke calls to the backend. With Function-as-a-Service (FaaS), coding is quick and hassle-free.
  • Faster delivery: The turnaround time for code deployment and bug fixing reduces considerably. Developers can do testing and fixing on a piecemeal basis instead of rolling out complicated overhauls.

Serverless computing is an extended service provided by cloud providers. Many leading cloud providers are the major players in serverless computing. They include AWS Lambda, Azure Functions, IBM OpenWhisk, and Google Cloud Functions.

Serverless computing vs. Traditional Computing

The debate of serverless versus traditional computing goes on. Needless to say, both architectures have their pros and cons. But there is a lot of propaganda by cloud vendors claiming serverless computing as the trend to follow.

Let us see how the two structures compare vis-à-vis some important parameters:

Cost Structure

This is a no-contest. Serverless computing wins hands down in the pricing area. Vendors charge you for the number of function executions that you make. You are allocated time slots for running a function. The more executions you make, the higher your bill. But the greatest saving comes from the staff overheads that you no longer incur.

Networking

Here, traditional computing scores over serverless computing. Serverless systems require you to set up private APIs. Traditional computing lets you access code via regular IPs. Though this can be a deal breaker, it doesn’t affect the overall cost structure of serverless architecture.

Integrations

If your application depends on using third-party libraries such as for coding or cryptography, you should opt for traditional computing. This is because serverless computing will require you to make these libraries and integrations available within the application, which can make it too heavy and sluggish. But here again all depends on the context. For simple applications, serverless architecture can still make sense with one or two in-app integrations.

Multiple Environments

Setting up multiple environments is easy breezy in serverless architecture. You don’t have to bother about setting up different machines for development, staging, and production. So, on this factor, traditional computing takes a rough beating from serverless computing.

Timeout

Some applications or functions require external referencing or have variable execution times. For such functions, serverless architecture is no good. This is because serverless computing has a stringent timeout of 300 seconds (mostly). Not all applications are able to complete their cycles in this duration. Traditional architecture is a clear winner in the timeouts department.

Scalability

Scaling up and down is not an issue with serverless computing. It happens instantly and seamlessly. This can be perceived as an advantage by many, but actually it has a downside. Coders are not able to address and mitigate glitches when new functions or executions are instantiated. This means a lack of control over the proceedings which can be counted as a major drawback of serverless computing.

Key Highlights of Functions-as-a-Service (FaaS)

FaaS are not any different from functions in general. They involve lines of code that feed some input into the system. The input is processed and output is produced.

The difference lies in the execution of functions. In FaaS, each execution can exist in a separate container. You cannot expect the files to be available for successive executions. Each execution is independent and stateless.

Another difference is that FaaS cease to exist as soon as they finish executing. The container in which they’re executing gets scrapped while the function is underway.

FaaS can be externally and directly invoked. Sometimes, an HTTP request or message notification triggers FaaS. Most external invokes are raised by other cloud services.
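The statelessness and timeout constraints described above, shown as an added example that is not part of the original article: a Python handler that keeps all progress in an external store and stops before the time limit. `FakeContext`, `store`, `SAFETY_MS` and the event layout are assumptions made for illustration; `get_remaining_time_in_millis()` mirrors the method on AWS Lambda's Python context object.

```python
SAFETY_MS = 5_000  # assumed margin kept free for writing the checkpoint


class FakeContext:
    """Constructed stand-in for the platform context object.

    Each call reports the time left and then simulates `tick_ms` of work.
    """

    def __init__(self, remaining_ms, tick_ms):
        self.remaining_ms, self.tick_ms = remaining_ms, tick_ms

    def get_remaining_time_in_millis(self):
        now = self.remaining_ms
        self.remaining_ms = max(0, now - self.tick_ms)
        return now


def handler(event, context, store):
    """Process event["items"], resuming from a checkpoint held in `store`.

    `store` stands for an external key-value service (hypothetical); nothing
    is kept in local files or module globals, because the next execution may
    run in a different container.
    """
    job, items = event["job_id"], event["items"]
    state = store.get(job, {"next": 0, "results": []})
    i = state["next"]
    while i < len(items):
        # Stop early instead of being killed mid-item by the platform timeout.
        if context.get_remaining_time_in_millis() < SAFETY_MS:
            break
        state["results"].append(items[i] * 2)  # placeholder unit of work
        i += 1
    state["next"] = i
    store[job] = state  # checkpoint survives the container
    return {"done": i == len(items), "next": i}


if __name__ == "__main__":
    store = {}  # constructed in-memory substitute for the external store
    event = {"job_id": "j1", "items": [1, 2, 3, 4, 5]}
    # 300 s budget (the limit quoted above), 100 s of simulated work per item.
    print(handler(event, FakeContext(300_000, 100_000), store))
    print(handler(event, FakeContext(300_000, 100_000), store))
```

The second invocation gets a fresh context and picks up at the stored index, which is the only way a job longer than one timeout window can complete.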

A serverless architecture typically has the following components:

  1. Web server
  2. FaaS
  3. Security token service (STS)
  4. Database
  5. User authentication


Serverless Architecture: The Developer’s Perspective

Serverless architecture can be a boon for developers. They can save precious bandwidth that they used to devote to server management and administration roles. Their responsibility and liability reduce by a big margin. They can focus on building the application while the server vendors look after the backend services for them.

Conclusion

So that’s serverless architecture in a nutshell. Stay tuned for more in-depth articles on serverless computing and other related topics.

To know more about iView Labs, kindly log on to our website www.iviewlabs.com and to get in touch with us with your queries and needs just write us an email on  and .

Download the latest portfolio to see our work.

How to Make Your Cloud Applications GDPR Compliant?

General Data Protection Regulation (GDPR) is an effort to control personal data that is housed and accessed by third parties, including cloud service providers (CSP). The provisions of GDPR are stringent and violation penalties are hefty. Even a slight deviation from the regulation can cost your company dearly.


Companies that rely on CSPs to run and manage applications will have to be extra-cautious if they want to avoid paying heavy fines and losing customer faith. Even if you are toeing the line set out by GDPR, your CSP might not be doing the same. In that case, you are culpable for a crime you didn’t exactly commit. You will have to pay a huge fine and lose face and goodwill in the marketplace. Both scenarios spell disaster for any business.

If you hear warning bells, let us reassure you that there are many viable ways of making your cloud-run applications GDPR-compliant. But before we delve into the matter, let us look at what GDPR is and why you need to follow it.

GDPR- Basic Facts

What is GDPR?

GDPR is a set of rules that dictates companies to protect the personal data of consumers that they collect. It seeks to empower consumers to keep their data confidential and safeguard it against leakage or compromise. The policy is set to replace the data protection laws of 1995 which have become outdated in the current scenario.

Who needs to follow GDPR?

While GDPR governs companies in the European Union (EU), its rules also apply to export of personal data to companies outside the EU. In this way, GDPR covers a large proportion of companies worldwide in its ambit.

GDPR covers companies with:

  • Offices in the EU
  • Non-EU companies that are dealing with data exported from EU
  • 250+ employees
  • Less than 250 workers but whose activities impact a large number of people

By recent stats, nearly 92% of US companies are keeping GDPR compliance as their top security concern.

Types of personal data covered by GDPR

Personally identifiable information (PII) as defined by GDPR includes:

  • Identity information including name, personal address, and IDs
  • Web data like IP address and location
  • Health data and sexual orientation
  • Biometric information
  • Ethnic background and political affiliations

How much is the GDPR non-compliance fine?

There are two tiers of administrative penalties that can be levied if your company isn’t GDPR-ready. These fines are imposed on a case-by-case basis, not as a blanket rule for all operations.

  1. Tier 1: Fine of €10 million or 2% of annual global turnover, whichever is higher
  2. Tier 2: Fine of €20 million or 4% of annual global turnover, whichever is higher


Are your Cloud Applications GDPR-Ready?

If you have a lot of cloud deployments hosted by third parties, you will have to ensure that they are as GDPR-compliant as you are. Such companies need more than technology to remain ahead of the curve. Their internal cloud teams will need to be trained so that they can create secure and compliant applications.

Here is a four-pronged approach you can apply:

  • Make your cloud partners compliant

The cloud ecosystem consists of the vendor and the customer, both of whom should be GDPR compliant. The cloud provider (vendor) needs to secure their physical infrastructure as well as resources meant for storage, computing, and database services.

If you’re importing personal data that is subsequently captured by your cloud vendor, ensure that you have firewalls in place, at instance and application levels. You will have to monitor access controls, logging, and encryption of the applications.

Major cloud players such as AWS, Google Cloud, Microsoft Azure have their GDPR regulations in place. The smaller vendors need to follow suit. The ultimate onus of fulfilling GDPR regulations lies with the cloud customer only.

  • Conduct an internal audit

As mentioned, PII includes a lot of sensitive information that can be compromised or leaked. Data security and breach is a top concern with most internet users today. In many surveys, customers have admitted that they hesitate to engage with companies that ask for unreasonable personal details. With every high-profile data breach case, the stranglehold around companies becomes tighter.

GDPR is an opportunity for companies to take an objective look at the kind of data they are collecting from customers. Is so much data actually required by the business? What about the existing data within the system? Is it outdated or irrelevant in the present situation? If so, it is advisable to dispose of it and make your database as lean as possible.

Since cloud applications require exchange of customer data with vendors, an internal audit will ensure that minimum sensitive information passes hands.

  • Be proactive about security

Big name cloud providers such as Amazon, Google Cloud, and Microsoft AWS have the following security features in place:

Access: Using IAM, administrators can drill down upon granular-level permissions for each user and service. You can leverage MFA or multi-factor authentication to segregate high-level permissions to users.

Encryption: You should encrypt data that is in transit between internal cloud services. Similarly, data at rest should also be encrypted to fool-proof it. AWS’s key vault and key management services can be deployed for enabling encryption.

Monitoring: You can use monitoring services offered by AWS such as CloudTrail and Security Center, and CloudWatch by Amazon to plug loopholes in your cloud processes.

Threat Detection: Specific services in AWS and Amazon help to spot malicious URLs and suspicious activities and plug them at source.
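One way to check the Access and Encryption items above automatically, as an added example that is not part of the original article: a small Python lint over an AWS-style resource policy that looks for an explicit deny of non-TLS requests and for wildcard grants that are not gated on MFA. The sample policies, bucket name and account ID are constructed placeholders; `aws:SecureTransport` and `aws:MultiFactorAuthPresent` are real AWS condition keys, and the lint deliberately ignores which condition operator is used.

```python
def _as_list(x):
    return x if isinstance(x, list) else [x]


def _has_condition(stmt, key, value):
    """True if any condition operator in stmt tests `key` against `value`."""
    for tests in stmt.get("Condition", {}).values():
        for k, v in tests.items():
            values = [str(i).lower() for i in _as_list(v)]
            if k.lower() == key.lower() and value in values:
                return True
    return False


def audit(policy):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    stmts = _as_list(policy.get("Statement", []))
    # Encryption in transit: an explicit Deny for requests made without TLS.
    if not any(s.get("Effect") == "Deny"
               and _has_condition(s, "aws:SecureTransport", "false")
               for s in stmts):
        findings.append("no deny for non-TLS requests")
    # Access: broad Allow statements should require MFA.
    for s in stmts:
        broad = any(a.endswith("*") for a in _as_list(s.get("Action", [])))
        if (s.get("Effect") == "Allow" and broad
                and not _has_condition(s, "aws:MultiFactorAuthPresent", "true")):
            findings.append(f"wildcard Allow without MFA: {s.get('Sid', '?')}")
    return findings


# Constructed sample policies (placeholder bucket and account ID).
RES = "arn:aws:s3:::example-bucket/*"
ADMIN = {"Sid": "Admins", "Effect": "Allow", "Action": "s3:*", "Resource": RES,
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}
WEAK = {"Version": "2012-10-17", "Statement": [ADMIN]}
HARDENED = {"Version": "2012-10-17", "Statement": [
    {**ADMIN, "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "TlsOnly", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": RES, "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]}

if __name__ == "__main__":
    print(audit(WEAK))
    print(audit(HARDENED))
```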

  • Empower your teams

You need to keep a watch on your hiring and training processes so that your staff is capable of creating and deploying GDPR-ready applications. Encourage cloud teams to follow security best practices regarding data access and exchange. Keep upskilling the workforce to bridge skill gaps and extract maximum productivity. Try to keep ahead of the next technological disruption by monitoring the global trends and challenges.

Wrap up

The technology space is always evolving and you need to remain up-to-date at all times. A loss of personal data will not only invite GDPR’s ire but also show your company in poor light. It is imperative that you follow advancements in the security domain.

Watch this space for the latest news on security and compliance.
