Session

Go Serverless! But is it secure?

I am a big advocate of serverless products instead of "traditional" ones. Cloud Run instead of GKE, Fargate instead of EKS, Pub/Sub instead of Kafka and Aurora instead of RDS. You get lower costs, less infra to manage, no need to worry about networking... But what about security? Can you really make sure that your serverless workloads (or data) are safe?

In this talk, we will go through several serverless offerings in the areas of data & compute, and look at their vulnerabilities and security options. We'll cover topics like:

- How serverless architecture changes the attack surface
- Vulnerabilities in serverless platforms and services
- Best practices for securing serverless workloads

By the end of this talk, you'll be able to:

- Understand the security risks of serverless computing
- Implement best practices for securing your serverless workloads
- Sleep soundly knowing that your serverless applications are secure

Prerequisites:
- Understanding of serverless vs "traditional" compute and data offerings
- Familiarity with AWS and GCP, how to design and build infrastructure
- Understanding of different layers of security in the cloud (what is the responsibility of the user vs the provider, what happens to data in use, how resources are provisioned onto the provider's hardware, what encryption and access control options exist).

Recording of this talk: https://www.youtube.com/watch?v=m9sLWY8ddvc

I've given several talks about securing data platforms in the cloud (for example, here https://datateamssummit.com/2022-2/multi-cloud-tight-regulations/ and here https://www.youtube.com/watch?v=P1bTBwlyPtU), and have also written blogs directly or indirectly related to serverless security (for example, https://medium.com/google-cloud/the-misadventures-of-one-cloud-function-edd8e4036e92).

Natalie Godec

Cloud Architect | Google Dev Expert in Cloud | Champion Innovator

London, United Kingdom
