Function as a Service (FaaS)
What is Function as a Service (FaaS)?
Function as a Service (FaaS)A serverless cloud model in which short-lived functions run on demand in response to events, with the provider managing servers, scaling, and runtime.
Function as a Service is the execution model behind most serverless platforms. Developers upload small, stateless functions that the cloud runs only when triggered by an HTTP request, queue message, storage event, or schedule. The provider transparently allocates ephemeral containers and scales them from zero to thousands of concurrent invocations. Security responsibilities still include code quality, dependency hygiene, secrets handling, and least-privilege IAM roles attached to each function. FaaS-specific risks include event-data injection, over-privileged execution roles, vulnerable third-party libraries, cold-start side channels, and denial-of-wallet attacks that drive up cost. Controls include SCA, runtime protection, function-level IAM, and strict input validation.
● Examples
- 01
AWS Lambda, Google Cloud Functions, Azure Functions.
- 02
Cloudflare Workers and Vercel Functions for edge logic.
● Frequently asked questions
What is Function as a Service (FaaS)?
A serverless cloud model in which short-lived functions run on demand in response to events, with the provider managing servers, scaling, and runtime. It belongs to the Cloud Security category of cybersecurity.
What does Function as a Service (FaaS) mean?
A serverless cloud model in which short-lived functions run on demand in response to events, with the provider managing servers, scaling, and runtime.
How do you defend against Function as a Service (FaaS)?
Defences for Function as a Service (FaaS) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Function as a Service (FaaS)?
Common alternative names include: Serverless functions, FaaS.