Going Serverless: Best Practices

What to Consider Before Adopting Serverless

Team Stackery

4 Things You Need to Know About Serverless Adoption

Making the move to serverless architecture? By accelerating app development time, serverless isn’t just a boon for business, it’s also a win for engineering teams.

Gartner explains: “Serverless architectures enable developers to focus on what they should be doing — writing code and optimizing application design — making way for business agility and digital experimentation.”

Making smart use of software delivery resources with serverless

Serverless architectures free up time. Instead of getting bogged down in infrastructure management, you and your team can focus on building well-architected apps that deliver ongoing value to your customers. Serverless saves money, too — you only pay for the cloud resources you use. For example, global insurer Liberty Mutual slashed app maintenance costs by 99.98%, from $50,000 to $10 per year — freeing up dollars while giving engineers time back to focus on business-impacting work.

With serverless driving efficiency and productivity, it’s no surprise adoption is taking off. In fact, according to the 2020 Coding Sans’ State of Serverless report, 75% of respondents use serverless today. And, nearly 50% of those who haven’t yet gone serverless are planning to do so in the next 12 months.
Use of Serverless.jpg

Source: State of Serverless report, Coding Sans, 2020

ALT TAG: 75% of orgs use serverless

4 best practices to make the transition to serverless stress-free

While serverless has its benefits, getting there requires a few key steps, including choosing providers, migrating operations, and revising workflow(s). Beyond those foundational pieces, you’ll also need to keep an active drumbeat around team adoption. Celebrate wins and talk through problems as a team. This collaborative culture helps attract and retain top talent, too.

As you lay out your serverless adoption roadmap, here are four best practices to help you tackle these steps — making your transition as productive and stress-free as possible:

  1. Embrace autonomy for your coders, but don’t isolate them.
  2. Embrace single-purpose functions, but avoid generic privileges.
  3. Embrace speedy development, but avoid hasty rollouts.
  4. Embrace third-party providers, but avoid unnecessary expenses.

Let’s explore these best practices in detail.

Best practice #1: Embrace autonomy for your coders, but don’t isolate them

By collapsing the time from prototype to production, serverless adoption gives developers the power to move faster in the race to innovate. That means more features and fixes — and more dazzling products. It also creates greater autonomy for developers, eliminating dependencies and sign-offs found in more traditional development workflows. Instead of designing an app, sending it for architectural review, and then passing it off to operations for deployment, developers now own their code throughout the process.

How to adapt coder roles and responsibilities to optimize serverless production

Here are some tips to keep in mind as you navigate these changes:

  • Define all microservices and map the flow of data between them, so you can create specs to keep critical data safe if one of the services goes down.
  • Bring Ops in during planning and/or refactoring phases to jointly devise identity and access management (IAM) permissions and policies.
  • Promote hand-in-glove collaboration between front-end and back-end developers.
  • Reconvene the development team before launch and assign specific task forces during deployment. For example, you might delegate based on areas of expertise, such as function-as-a-service (FaaS), services, events, and infrastructure-as-code.

Best practice #2: Embrace single-purpose functions, but avoid generic privileges

If AWS Lambda is the first thing that comes to mind when you think serverless, you’re not alone. According to Coding Sans’ State of Serverless report, AWS Lambda is the top technology in serverless toolboxes, with 87% of respondents using it today. Its popularity stems from one key serverless concept: function-as-a-service (FaaS). Although just one capability in the hefty serverless stack, FaaS is a game-changer, redefining the way developers build apps.

Functions play a central role in serverless app design

Using functions, developers can parse massive apps into easier-to-manage, discrete parts. By design, they support simplicity, so embrace it. Steer clear of large, complex functions. Instead, write each function to do just one thing. This will help your app perform well, no matter how high demand surges.

Single-purpose functions are also smart from a security perspective. Keeping your code as compact as possible reduces its cyberattack surface. Here are some other recommendations to bolster serverless security:

  • Establish IAM for each function, restricting privileges to the minimal amount of access required.
  • Perform continuous scans on functions to check for vulnerabilities.
  • Schedule systematic reviews of functions — and revise as needed.

Best practice #3: Embrace speedy development, but avoid hasty rollouts

Undoubtedly, rapid app development is the main reason why more and more engineering teams are adopting serverless. Case in point: IT consultancy Ikon Integration shaved more than three weeks off development time with a serverless approach, supported by Stackery.

But, although the benefits are clear, exercising quality controls in a serverless architecture can be a bit tricky. It calls for a new approach.

Like containers, serverless architecture is spun upon immutable infrastructure, making it virtually impossible to stage or test before production. That means you have no choice but to test in production.

Testing in production

The concept of testing in production might sound scary, potentially subjecting customers to frustrating user experiences or even security risks. But, if you keep these guiding principles in mind, you’ll sidestep possible pitfalls:

  • Build observability into your code, which helps you answer the question, “Is this app behaving as expected?” By incorporating rich instrumentation into your shipped code, you can collect real-time data from the app and pinpoint the root of issues.
  • Stage rollouts of new features to keep tabs as you scale deployment. For example, consider deploying to 10% of your user base, then gradually increasing while monitoring for errors along the way.
  • Scan for vulnerabilities daily. With thousands of vulnerabilities being discovered every year, it’s important to run continuous checks as part of the CI/CD pipeline.
  • Use metrics that map to the business. Rather than zeroing in on app performance, set KPIs based on the business goals that led you to develop the app in the first place.

Best practice #4: Embrace third-party providers, but avoid unnecessary expenses

Once you’re working serverless, you’ll have fewer logistics to worry about, for operations and coding. But, finding the right providers and APIs can be complicated — and costly if not given proper consideration upfront.

The bottom line: Spend time researching your options and go with the provider that best supports your business goals.

Here are some questions to ask when evaluating serverless (i.e., cloud computing) providers:

  • Plan for today and tomorrow: Are they financially stable? Do they have proven success stories with deployments like the one you’re planning? What’s their roadmap for new features, integrations, and services? Do their values and vision align with yours?
  • Play it safe: Do they tell you where their data centers reside? Do they give you choice and control in terms of where your data is stored, processed, and managed? Are you clear how/when they use encryption for both data in transit and at rest? What happens if there’s a data loss or breach? How quickly will you be notified? Do their policies align with regulatory requirements?
  • Plot out the day-to-day: Do they have the range of managed services offerings you need? Can they back it up with technical know-how? Do their architectures and standards match your management preferences? What type of migration capabilities do they provide? How well do they complement your team’s skills? How will you manage environments (e.g., AWS accounts, Azure/GCP resource groups) and access controls for developers and operators (e.g., AWS SSO)?

Finally, routinely monitor third-party services and situations that may lead to vendor lock-in. Keeping an eye on this can help you avoid production hiccups while also curtailing unnecessary costs.

Adopt serverless best practices to help developers do their best work

Whether you’re moving to serverless for HTTP REST APIs and web applications, batch jobs, business logic, or a different use case, you can ease the transition by incorporating the above best practices into your culture and workflows.

Have questions about how you can empower your team to do their best work? Talk to us about implementing these practices. We’re always here to help with your serverless adoption plans.

serverless security

Related posts

What You Need to Know About Serverless Security
EngineeringWhat You Need to Know About Serverless Security

Common Attacks and How to Prevent Them

Guide to Serverless Information Security
EngineeringGuide to Serverless Information Security

Featuring real-world examples

© 2022 Stackery. All rights reserved.