Redacting sensitive data
Security is a primary requirement of all systems. We must design our systems from the ground up to be secure. Defense in depth means that every layer of a system must do its part to prevent an attack. Least-privilege access to resources is a critical part of keeping data secure. We cover authentication and authorization in Chapter 3, Taming the Presentation Tier, and Chapter 6, A Best Friend for the Frontend. However, this is not enough; we must secure data at rest.
Fortunately, serverless computing draws the line of the cloud security shared responsibility model significantly high in the technology stack, such that it allows teams to focus more of their efforts on identifying the sensitive data and securing their domain models. Most of the mundane security requirements are quickly handled through configuration and easily validated with continuous auditing. But securing data at rest is the last line of defense, and yet it is where the most shortcuts are...