Authors : Bharath Kumar Reddy Janumpally

Volume/Issue : Volume 10 - 2025, Issue 3 - March

Google Scholar : https://tinyurl.com/2m2w84jd

Scribd : https://tinyurl.com/25r7khbb

DOI : https://doi.org/10.38124/ijisrt/25mar023

Note : A published paper may take 4-5 working days from the publication date to appear in PlumX Metrics, Semantic Scholar, and ResearchGate.

Abstract : Serverless computing has revolutionized cloud-based application development by eliminating the need for developers to manage infrastructure. Cloud providers take care of provisioning, scalability, and security fixes, freeing developers to concentrate entirely on code composition. Serverless architectures, primarily driven by Function-as-a-Service (FaaS) and Backend-as-a-Service (BaaS), offer advantages such as cost efficiency, scalability, and reduced operational overhead. However, these benefits come with significant data security and privacy challenges, including authentication weaknesses, data exposure risks, and vendor lock-in. This paper explores the fundamentals of serverless computing, its key security concerns, and mitigation strategies. Analyzing existing literature and emerging trends provides insights into best practices for enhancing security and privacy in serverless environments. Their study also examines compliance requirements, encryption techniques, and architectural advancements that address these challenges.

Keywords : Serverless Computing, Data Security, Privacy Protection, Encryption, Cloud Computing Security.

References :

1. H. B. Hassan, S. A. Barakat, and Q. I. Sarhan, “Survey on serverless computing,” Journal of Cloud Computing. 2021. doi: 10.1186/s13677-021-00253-7.
2. M. Gopalsamy, “Predictive Cyber Attack Detection in Cloud Environments with Machine Learning from the CICIDS 2018 Dataset,” IJSART, vol. 10, no. 10, 2024.
3. Mani Shankar, S. Lingolu, and M. K. Dobbala, “A Review Paper on Serverless Computing : A Security,” J. Artif. Intell. Cloud Comput., no. 05, pp. 5872–5878, 2024.
4. Suhag Pandya, “Advanced Blockchain-Based Framework for Enhancing Security, Transparency, and Integrity in Decentralised Voting System,” Int. J. Adv. Res. Sci. Commun. Technol., vol. 2, no. 1, pp. 865–876, Aug. 2022, doi: 10.48175/IJARSCT-12467H.
5. A. Kushwaha, P. Pathak, and S. Gupta, “Review of optimize load balancing algorithms in cloud,” Int. J. Distrib. Cloud Comput., vol. 4, no. 2, pp. 1–9, 2016.
6. Mani Shankar, S. Lingolu, and M. K. Dobbala, “Data Security and Privacy Protection for Cloud Storage: A Survey,” J. Artif. Intell. Cloud Comput., 2024, doi: 10.1109/ACCESS.2020.3009876.
7. Rajarshi Tarafdar, “AI-Powered Cybersecurity Threat Detection in Cloud,” Int. J. Comput. Eng. Technol., p. 266, 2025.
8. Mani Shankar, S. Lingolu, and M. K. Dobbala, “LEAP Collaboration System,” in Journal of Artificial Intelligence & Cloud Computing, 2024.
9. S. Murri, S. Chinta, S. Jain, and T. Adimulam, “Advancing Cloud Data Architectures: A Deep Dive into Scalability, Security, and Intelligent Data Management for Next-Generation Applications,” Well Test. J., vol. 33, no. 2, pp. 619–644, 2024, [Online]. Available: https://welltestingjournal.com/index.php/WT/article/view/128
10. S. Lingolu, M. Shankar, Dobbala, and M. Kumar, “Serverless Architectures and Their Influence on Web Development,” J. Artif. Intell. Cloud Comput., vol. 3, no. 2, pp. 1–6, 2024, doi: 10.47363/jaicc/2024(3)297.
11. B. Boddu, “Cloud-Based E-CCNN Architecture for Early Heart Disease Detection A Machine Learning Approach,” Int. J. Med. Public Heal., vol. 14, no. 4, p. 9, 2024, [Online]. Available: https://www.ijmedph.org/Uploads/Volume14Issue4/73. [1095._IJMEDPH_Jafar] 374-382.pdf
12. V. S. Thokala, “Improving Data Security and Privacy in Web Applications : A Study of Serverless Architecture,” Int. Res. J., vol. 11, no. 12, pp. 74–82, 2024.
13. D. Barcelona-Pons, P. Sutra, M. Sánchez-Artigas, G. París, and P. García-López, “Stateful Serverless Computing with Crucial,” in ACM Transactions on Software Engineering and Methodology, 2022. doi: 10.1145/3490386.
14. J. Spring, “Monitoring cloud computing by layer, Part 2,” IEEE Secur. Priv., 2011, doi: 10.1109/MSP.2011.57.
15. L. Jiang, Y. Pei, and J. Zhao, “Overview Of Serverless Architecture Research,” J. Phys. Conf. Ser., vol. 1453, p. 12119, 2020, doi: 10.1088/1742-6596/1453/1/012119.
16. H. Xi, M. Zhu, K. Y. Lee, and X. Wu, “Multi-timescale and control-perceptive scheduling approach for flexible operation of power plant-carbon capture system,” Fuel, 2023, doi: 10.1016/j.fuel.2022.125695.
17. J. Scheuner and P. Leitner, “Function-as-a-Service performance evaluation: A multivocal literature review,” J. Syst. Softw., 2020, doi: 10.1016/j.jss.2020.110708.
18. R. Bishukarma, “Adaptive AI-Based Anomaly Detection Framework for SaaS Platform Security,” Int. J. Curr. Eng. Technol., vol. 12, no. 07, pp. 541–548, 2022, doi: https://doi.org/10.14741/ijcet/v.12.6.8.
19. R. A. P. Rajan, “A review on serverless architectures-Function as a service (FaaS) in cloud computing,” Telkomnika (Telecommunication Comput. Electron. Control., vol. 18, no. 1, pp. 530–537, 2020, doi: 10.12928/TELKOMNIKA.v18i1.12169.
20. S. Plangi, “Overview of Backend as a Service Platforms,” Univ. Tartu, 2016.
21. A. and P. Khare, “Cloud Security Challenges : Implementing Best Practices for Secure SaaS Application Development,” Int. J. Curr. Eng. Technol., vol. 11, no. 6, pp. 669–676, 2021, doi: https://doi.org/10.14741/ijcet/v.11.6.11.
22. A. Jangda, D. Pinckney, Y. Brun, and A. Guha, “Formal foundations of serverless computing,” Proc. ACM Program. Lang., 2019, doi: 10.1145/3360575.
23. Er. Venkata Ramanaiah Chintha, “Server Less Computing_ Evaluating the Benefits and Challenges of Server Less Architecture in Cloud Computing.” 2024.
24. V. S. Thokala, “A Comparative Study of Data Integrity and Redundancy in Distributed Databases for Web Applications,” Int. J. Res. Anal. Rev., vol. 8, no. 04, pp. 383–390, 2021.
25. V. Kolluri, “A Pioneering Approach To Forensic Insights: Utilization Ai for Cybersecurity Incident Investigations,” Int. J. Res. Anal. Rev., vol. 3, no. 3, 2016.
26. Suhag Pandya, “Integrating Smart IoT and AI-Enhanced Systems for Predictive Diagnostics Disease in Healthcare,” Int. J. Sci. Res. Comput. Sci. Eng. Inf. Technol., vol. 10, no. 6, pp. 2093–2105, Dec. 2023, doi: 10.32628/CSEIT2410612406.
27. A. P. A. S. Neepa kumari Gameti, “Innovations in Data Quality Management: Lessons from the Oil & Gas Industry,” Int. J. Res. Anal. Rev., vol. 11, no. 3, pp. 889–895, 2024.
28. H. S. Chandu, “A Review of IoT-Based Home Security Solutions: Focusing on Arduino Applications,” TIJER – Int. Res. J., vol. 11, no. 10, pp. a391–a396, 2024.
29. T. Gaber, A. El-Ghamry, and A. E. Hassanien, “Injection attack detection using machine learning for smart IoT applications,” Phys. Commun., 2022, doi: 10.1016/j.phycom.2022.101685.
30. M. Mehmood, R. Amin, M. M. A. Muslam, J. Xie, and H. Aldabbas, “Privilege Escalation Attack Detection and Mitigation in Cloud Using Machine Learning,” IEEE Access, vol. 11, 2023, doi: 10.1109/ACCESS.2023.3273895.
31. S. Weisman, “What are Denial of Service (DoS) attacks? DoS attacks explained,” NortonLifelock, 2020.
32. P. S. N. Patel, D. Parikh, R. K. Eranna, J. Patel, and P. Siddhapura, “Machine Learning Based Security Device For Cloud Computing,” 2024
33. M. D. Sanjeev Prakash, Jesu Narkarunai Arasu Malaiyappan, Kumaran Thirunavukkarasu, “Achieving Regulatory Compliance in Cloud Computing through ML,” Adv. Int. Advert., vol. 2, no. 5, pp. 1–66, 2024.
34. A. P. A. Singh and N. Gameti, “Innovative Approaches to Data Relationship Management in Asset Information Systems,” vol. 12, no. 6, pp. 575–582, 2022.
35. N. Patel, “Secure Access Service Edge(Sase): Evaluating The Impact Of Convereged Network Security Architectures In Cloud Computing,” J. Emerg. Technol. Innov. Res., vol. 11, no. 3, pp. e703–e714, 2024.
36. Y. Kannan, “Serverless Security: Best Practices for Protecting Functions-as-a-Service,” Int. J. Sci. Res., vol. 13, no. 7, pp. 1190–1194, 2024, doi: 10.21275/sr24723103837.
37. P. G. Himanshu Kumar et al., “The Journey to Intent-based Networking: Ten Key Principles for Accelerating Adoption,” IEEE Access, 2017.
38. S. Arora and S. R. Thota, “Automated Data Quality Assessment And Enhancement For Saas Based Data Applications,” J. Emerg. Technol. Innov. Res., vol. 11, pp. i207–i218, 2024, doi: 10.6084/m9.jetir.JETIR2406822.
39. E. Marin, D. Perino, and R. Di Pietro, “Serverless computing: a security perspective,” Journal of Cloud Computing. 2022. doi: 10.1186/s13677-022-00347-w.
40. R. Arora, S. Gera, and M. Saxena, “Mitigating Security Risks on Privacy of Sensitive Data used in Cloud-based ERP Applications,” in 2021 8th International Conference on Computing for Sustainable Global Development (INDIACom), 2021, pp. 458–463.
41. M. Kumar, “Serverless Architectures Review, Future Trend and the Solutions to Open Problems,” Am. J. Softw. Eng., 2019, doi: 10.12691/ajse-6-1-1.
42. A. Goyal, “Optimising Cloud-Based CI/CD Pipelines: Techniques for Rapid Software Deployment,” Tech. Int. J. Eng. Res., vol. 11, no. 11, pp. 896–904, 2024.
43. S. R. Thota, S. Arora, and S. Gupta, “Hybrid Machine Learning Models for Predictive Maintenance in Cloud-Based Infrastructure for SaaS Applications,” 2024, pp. 1–6. doi: 10.1109/ICDSNS62112.2024.10691295.
44. M. Golec, G. K. Walia, M. Kumar, F. Cuadrado, S. S. Gill, and S. Uhlig, “Cold Start Latency in Serverless Computing: A Systematic Review, Taxonomy, and Future Directions,” J. ACM, vol. 37, no. 4, 2023, doi: 10.1145/3700875.
45. M. R. S. and P. K. Vishwakarma, “The Assessments of Financial Risk Based on Renewable Energy Industry,” Int. Res. J. Mod. Eng. Technol. Sci., vol. 06, no. 09, pp. 758–770, 2024.
46. J. Xiong, M. Wei, Z. Lu, and Y. Liu, “Warmonger: Inflicting Denial-of-Service via Serverless Functions in the Cloud,” in Proceedings of the ACM Conference on Computer and Communications Security, 2021. doi: 10.1145/3460120.3485372.
47. B. Boddu, “Securing and Managing Cloud Databases for Business - Critical Applications,” J. Eng. Appl. Sci. Technol., 2025.
48. S. Murri, “Data Security Environments Challenges and Solutions in Big Data,” Int. J. Curr. Eng. Technol., vol. 12, no. 6, pp. 565–574, 2022.
49. D. Kelly and F. Glavin, “DoWTS – Denial-of-Wallet Test Simulator: Synthetic data generation for preemptive defence,” J. Intell. Inf. Syst., vol. 60, pp. 1–24, 2022, doi: 10.1007/s10844-022-00735-3.
50. N. S. Dey, S. P. K. Reddy, and G. Lavanya, “Serverless Computing: Architectural Paradigms, Challenges, and Future Directions in Cloud Technology,” in 7th International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud), I-SMAC 2023 - Proceedings, 2023. doi: 10.1109/I-SMAC58438.2023.10290253.
51. M. Ihtesham et al., “Privacy Preserving and Serverless Homomorphic-Based Searchable Encryption as a Service (SEaaS),” IEEE Access, 2023, doi: 10.1109/ACCESS.2023.3324817.
52. K. Govindarajan and A. De Tienne, “Resource Management in Serverless Computing - Review, Research Challenges, and Prospects,” in 12th IEEE International Conference on Advanced Computing, ICoAC 2023, 2023. doi: 10.1109/ICoAC59537.2023.10249574.
53. C. Wu, L. Zhang, L. Xu, K. K. R. Choo, and L. Zhong, “Privacy-Preserving Serverless Federated Learning Scheme for Internet of Things,” IEEE Internet Things J., vol. 11, no. 12, pp. 22429–22438, 2024, doi: 10.1109/JIOT.2024.3380597.
54. X. Li, X. Leng, and Y. Chen, “Securing Serverless Computing: Challenges, Solutions, and Opportunities,” IEEE Netw., 2023, doi: 10.1109/MNET.005.2100335.