Tech giant Microsoft announced to open source Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments.
This tool is an event-driven, serverless compute application built on the top of Azure Functions that expedites the research process and assessment of security controls. The developers are currently covering use cases in Azure, and working on extending it to other cloud providers.
Released earlier in 2010, Microsoft’s cloud computing environment, Azure, offers tools and frameworks for businesses to develop, manage, and deploy applications on a global network. It provide SaaS and PaaS services in its public cloud environment. However, Microsoft also extends its Azure offerings to its hybrid cloud service Azure Stack, which allows users with an on-premise or hybrid infrastructure to take advantage of Azure services.
Cloud Katana relies on platform as a service (PaaS) concepts to provide a simplified and scalable event-driven solution without worrying about deploying and maintaining the underlying infrastructure used to execute simulations.
To meet this need, Cloud Katana uses Azure Functions to abstract the operating system layer from the code through a pay-per-execution billing model that automatically scales based on trigger invocations.
Developed on server less execution model principle, Cloud Katana provides attack simulations documented in YAML based format to aggregate metadata to ensure right permissions before running a simulation step.
This project welcomes contributions and suggestions in its GitHub repository.