Serverless Security
Understand, Assess, and Implement Secure and Reliable Applications in AWS, Microsoft Azure, and Google Cloud

Miguel A. Calles

Serverless Security: Understand, Assess, and Implement Secure and Reliable
Applications in AWS, Microsoft Azure, and Google Cloud
Miguel A. Calles
La Habra, CA, USA

ISBN-13 (pbk): 978-1-4842-6099-9 ISBN-13 (electronic): 978-1-4842-6100-2


https://doi.org/10.1007/978-1-4842-6100-2

Copyright © 2020 by Miguel A. Calles


This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed.
Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with
every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an
editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the
trademark.
The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not
identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to
proprietary rights.
While the advice and information in this book are believed to be true and accurate at the date of publication,
neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or
omissions that may be made. The publisher makes no warranty, express or implied, with respect to the
material contained herein.
Managing Director, Apress Media LLC: Welmoed Spahr
Acquisitions Editor: Susan McDermott
Development Editor: Laura Berendson
Coordinating Editor: Jessica Vakili
Distributed to the book trade worldwide by Springer Science+Business Media New York, 1 NY Plaza,
New York NY 10004. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail [email protected], or
visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is
Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware
corporation.
For information on translations, please e-mail [email protected]; for reprint,
paperback, or audio rights, please e-mail [email protected].
Apress titles may be purchased in bulk for academic, corporate, or promotional use. eBook versions and
licenses are also available for most titles. For more information, reference our Print and eBook Bulk Sales
web page at http://www.apress.com/bulk-sales.
Any source code or other supplementary material referenced by the author in this book is available to
readers on GitHub via the book’s product page, located at www.apress.com/978-1-4842-6099-9. For more
detailed information, please visit http://www.apress.com/source-code.
Printed on acid-free paper
Table of Contents

About the Author
About the Technical Reviewer
Acknowledgments
Introduction

Chapter 1: Introduction to Cloud Computing Security
  Cloud Computing Service Models
  Infrastructure as a Service (IaaS)
  Container as a Service (CaaS)
  Platform as a Service (PaaS)
  Function as a Service (FaaS)
  Software as a Service (SaaS)
  Cloud Computing Deployment Models
  The Private or Enterprise Cloud
  The Public Cloud
  The Hybrid Cloud
  Applying a Cloud Computing Model to FaaS
  An Overview on Cybersecurity
  Confidentiality
  Integrity
  Availability
  The Need for Cloud Computing Cybersecurity
  Examples of Threats
  Identifying Threats
  Key Takeaways

Chapter 2: Performing a Risk Assessment
  Conventions
  Example Serverless Application
  Serverless Frameworks
  Programming Language
  Terms, Keywords, and Acronyms
  Understanding the Application
  Reviewing Documentation
  Reviewing Source Code
  Reviewing Accounts
  Using the Application
  Scoping the Security Assessment
  Understanding the Threat Landscape
  Threat Actors
  Attack Surface
  Creating a Threat Model
  Preparing the Risk Assessment
  Key Takeaways

Chapter 3: Securing the Code
  Importance of Securing the Application Code
  Choosing a Runtime Engine and Version
  Assessing Libraries and Dependencies
  Assessing the Dependency Tree
  Checking for Vulnerabilities
  Other Considerations
  Using Static Code Analysis Tools
  Unit Tests and Regression Tests
  Input Validation
  Event Sources
  Sanitizing per Event Type
  Key Takeaways
  Notes

Chapter 4: Securing Interfaces
  Importance of Securing Interfaces
  Understanding Interfaces and Use Cases
  Amazon Web Services (AWS)
  Azure
  Google Cloud
  External Interfaces and Use Cases
  Identifying the Interfaces
  Serverless Configuration File
  Function Code
  Assessing and Reducing the Attack Surface
  Key Takeaways

Chapter 5: Configuring the Application Stack
  Importance of Configuring the Application Stack
  Understanding the Serverless Configuration
  Good Practices for the Serverless Configuration
  Defining Multiple Services
  Configuring the Provider
  Organizing and Defining Functions
  Pinning the Framework Version
  Using Plugins
  Using the Custom Section
  AWS-Specific Configuration Settings
  Key Takeaways

Chapter 6: Restricting Permissions
  Importance of Restricting Permissions
  Understanding Permissions
  General Principles
  Amazon Web Services (AWS)
  Azure
  Google Cloud
  Implementing Permissions
  General Principles
  AWS
  Azure
  Google Cloud
  Key Takeaways

Chapter 7: Account Management
  The Importance of Account Management
  Understanding Provider Accounts
  General Principles
  Amazon Web Services (AWS)
  Azure
  Google Cloud
  Securing Accounts
  General Principles
  AWS
  Azure
  Google Cloud
  Key Takeaways

Chapter 8: Secrets Management
  The Importance of Secrets Management
  Protecting Secrets
  General Principles
  Amazon Web Services (AWS)
  Azure
  Google Cloud
  Key Takeaways

Chapter 9: Authentication and Authorization
  Authentication and Authorization
  The Importance of Authentication and Authorization
  General Principles
  Amazon Web Services
  Azure
  Google Cloud
  Key Takeaways

Chapter 10: Protecting Sensitive Data
  Importance of Protecting Sensitive Data
  Protecting Sensitive Data
  General Principles
  Amazon Web Services (AWS)
  Azure
  Google Cloud
  Key Takeaways

Chapter 11: Monitoring, Auditing, and Alerting
  The Importance of Monitoring, Auditing, and Alerting
  Monitoring
  General Principles
  Amazon Web Services (AWS)
  Azure
  Google Cloud
  Auditing
  General Principles
  AWS
  Azure
  Google Cloud
  Alerting
  General Principles
  AWS
  Azure
  Google Cloud
  Key Takeaways

Chapter 12: Additional Considerations
  Balancing Security and Other Requirements
  Continuous Integration/Continuous Delivery
  Source Control
  Serverless Framework Plugins
  Serverless Configuration Sizes
  Optimizing Functions
  Fault Trees
  Key Takeaways

Chapter 13: Finalizing the Risk Assessment
  Collecting All the Findings
  Scoring the Findings
  Assessing the Business Impact
  Key Takeaways

Appendix A: List of Acronyms

Appendix B: Setup Instructions
  Installing Software
  To Install Node.js and npm
  To Install the Serverless Framework
  To Set Up Python (Required by the AWS CLI)
  To Set Up the Amazon Web Services (AWS) Command-Line Interface (CLI)
  To Set Up the Microsoft Azure CLI
  Configuring the Cloud Provider in the Serverless Framework
  To Configure AWS
  To Configure Azure
  To Configure Google Cloud

Appendix C: Exercises Review

Index

About the Author
Miguel A. Calles is a certified Cybersecurity engineer, works on cloud computing
projects, and writes about Cybersecurity. He has worked on multiple serverless projects
as a developer and security engineer, contributed to open source serverless projects,
and worked on large military systems in various engineering roles. He started in
Cybersecurity in 2016 for a US government contract, has been doing technical writing
since 2007, and has worked in multiple engineering roles since 2004. Miguel started to
gain interest in Cybersecurity when he was in middle school and was trying to reverse
engineer websites.
Miguel is a Principal Solutions and Security Engineer at VeriToll, LLC. He has a
Bachelor of Science degree in Material Science and Engineering from the Massachusetts
Institute of Technology, a Master of Business Administration degree from the University of
Florida, a Cloud Security Alliance’s Certificate of Cloud Security Knowledge certification,
and a CompTIA A+ certification.

About the Technical Reviewer
David A. Gershman is a Cybersecurity engineer for a government contractor and has
the CISSP certification. He has also taught Computer Science at California Polytechnic
University, Pomona, on topics ranging from introductory programming to computer
networking and Cybersecurity for over 20 years. In his spare time, David enjoys restoring
and programming retro 8-bit computers.

Acknowledgments
I would like to express thanks to the following persons and organizations:

• My wife and kids for supporting me in this endeavor.

• My mentor J.R. Richardson for helping me in my professional
development and encouraging me to explore new ways to grow.

• David Gershman for introducing me to the field of Cybersecurity and
thoroughly reviewing this book.

• Guise Bule for inviting me to join Secjuice (a blog site that promotes
writing about Cybersecurity and information security), where I first
started writing about Cybersecurity and serverless computing topics.

• David Huang from Paradigm Sift for his friendship since my college
days and helping me troubleshoot a topic in Chapter 8.

• VeriToll (my employer at the time of this writing) for allowing me
to write this book and introducing me to the world of serverless
computing.

• Raytheon, before they became Raytheon Technologies, for the several
years of writing technical manuals and design documents that
prepared me for writing my first published book.

• Several teachers that had a lasting impact on my education – Ms.
Mary Lang, Mr. Michael Swatek, and Professor Fiona Barnes.

• Apress for allowing me to share what I have learned about
Cybersecurity in serverless computing.

• Last but not least, my Creator for helping me achieve a life goal and
His provision.

Introduction
When I started working with the Serverless Framework, I was curious about the security
aspect. I was transitioning to a project for a mobile app with a serverless back end.
Previously, I was an information assurance (IA) engineer working on Cybersecurity
for US Government military systems. I had become accustomed to using well-defined
processes and requirements in my role as an IA engineer. The systems we were securing
were part of a vast network of other systems with strict IA requirements. The threats
seemed limited; and implementing Cybersecurity, in many cases, was following a list of
checklists and requirements. But, Cybersecurity in the world of serverless development
was a new frontier.
The more I worked with serverless, the more I wondered about its Cybersecurity.
Cybersecurity with serverless projects seemed to lack the oversight that I experienced
in the IA world. The team could release a serverless application without addressing
security. I searched for serverless security and found limited information. I did find
some helpful documents on the top serverless security risks and well-written blog posts
about specific topics. I was looking for a book that provided an overview of serverless
security and guidance on approaching it.
I decided to write this book with the intent to fill that void and provide a resource
that addressed multiple aspects of serverless security. I leveraged my IA and
Cybersecurity experience, my hands-on experience with serverless, and my research
to write this book. From one perspective, this book provides an overview of serverless
security. You could be new to serverless and learn how to approach serverless security
by performing a risk assessment. From another perspective, this book provides
practical ways to address serverless security. You could be looking for examples and
recommendations to implement in your serverless projects. I am excited to share this
book with you because I believe it will guide you in identifying areas of consideration
when securing your serverless application.

CHAPTER 1

Introduction to Cloud Computing Security
In this chapter, we will review cloud computing and how its security evolved. We will
learn how serverless computing relates to cloud computing and how securing serverless
computing differs from the typical cloud computing Cybersecurity. We will review
Cybersecurity, how it applies to cloud computing, and why it is needed. This chapter will
set the foundation for Cybersecurity in serverless computing by putting it in the context
of cloud computing and its security.

Cloud Computing Service Models


Cloud computing is a service offering where a client rents computing resources,
physically located in an offsite location, from a provider. The resources are available on
demand, and the client accesses them using the Internet. A client can rent resources
from networking and storage equipment to fully developed software applications.
Five major service models define how providers make cloud computing resources
available to their clients: Infrastructure as a Service (IaaS), Container as a Service (CaaS),
Platform as a Service (PaaS), Function as a Service (FaaS), and Software as a Service
(SaaS). Table 1-1 depicts how the responsibility of the resource varies among the cloud
computing types and compares to the traditional on-premise computing. We will briefly
review each cloud computing service model.

© Miguel A. Calles 2020
M. Calles, Serverless Security, https://doi.org/10.1007/978-1-4842-6100-2_1

Table 1-1. Comparison of Cloud Computing Service Models and On-Premise Computing

Resource               IaaS   CaaS   PaaS   FaaS   SaaS   On-Premise
Application            C      C      C      C      VR     C
Data                   C      C      C      C      V      C
Functions              C      C      C      VR     V      C
Runtime                C      C      VR     V      V      C
Security†              C      C      VR     V      V      C
Middleware             C      C      VR     V      V      C
Databases              C      C      VR     V      V      C
Operating Systems      C      C      VR     V      V      C
Containers             C      VR     V      V      V      C
Virtualization         VR     V      V      V      V      C
Servers/Workstations   VR     V      V      V      V      C
Storage                VR     V      V      V      V      C
Networking             VR     V      V      V      V      C
Data Centers           V      V      V      V      V      C

V = Vendor managed, R = Rentable resource, C = Client managed

† Security resources typically include security software and appliances. Cybersecurity is essential for
each resource type.

Infrastructure as a Service (IaaS)


Infrastructure as a Service (IaaS) is a service offering where a provider makes
infrastructure (e.g., networking equipment and computing equipment) available for
a client to use. IaaS enables a client to rent infrastructure without having to procure it.
The client is responsible for configuring and fine-tuning the different infrastructure
components. The provider is responsible for maintaining the infrastructure, making
it accessible, and ensuring a minimum level of reliability and availability. This type of
cloud computing is the closest to an on-premise model of buying, storing, powering,
configuring, maintaining, and administering the infrastructure components, but with
the simplified configuration and reduced maintenance and administration.

Container as a Service (CaaS)


Container as a Service (CaaS) is a service offering where a provider makes software
container creation and orchestration (e.g., Docker¹ and Kubernetes²) available for a
client to use. CaaS enables a client to compile all the software packages (needed by an
application) into a container without having to set up the infrastructure. The client is
responsible for configuring the container and defining the orchestration. The provider
is responsible for maintaining the infrastructure, the container virtualization, and the
orchestration software. This type of cloud computing provides the benefit of running
a lightweight platform without having to set up the infrastructure or install the
orchestration software.

Platform as a Service (PaaS)


Platform as a Service (PaaS) is a service offering where a provider makes a specific
platform (e.g., an operating system, a database, and a web server) available for a
client to use. PaaS enables a client to rent a platform without having to set up the
infrastructure. The client is responsible for configuring and fine-tuning the platform to
meet the specific need. The provider is responsible for maintaining the infrastructure,
keeping the platform software up to date, and ensuring a minimum level of reliability
and availability. This type of cloud computing provides the benefit of defining the
computational need without having to determine what kind of infrastructure is needed
to power the platform.

Function as a Service (FaaS)


Function as a Service (FaaS) (typically associated with serverless computing) is a
service offering where a provider enables a client to run individual software functions
and interconnect them to make an application. FaaS allows a client to rent computing
time needed to execute the functions without needing to maintain any supporting
software and hardware. The client is responsible for writing all the software functions
and defining the orchestration among them. The provider is responsible for properly
configuring and maintaining the infrastructure and platforms needed to execute the
functions. This type of cloud computing provides similar benefits as PaaS and CaaS
offerings, but without having to configure the platforms and containers, and enables the
client to develop a SaaS offering.

¹ Docker is a registered trademark of Docker, Inc.
² Kubernetes is a registered trademark of The Linux Foundation.

Software as a Service (SaaS)


Software as a Service (SaaS) is a service offering where a provider makes a specific piece
of software (e.g., a web application) available for a client to use. SaaS enables a client to
rent a piece of software without needing any hardware other than an Internet-connected
computing device. The client is responsible for customizing any software settings provided
by the application. The provider is responsible for ensuring the web application is available
and preventing others from accessing the client’s account data. This type of cloud computing
provides the benefits of using the software without having to perform maintenance.

Cloud Computing Deployment Models


Cybersecurity was a big concern in cloud computing in its infancy and continues to
be one. Cloud computing disrupted the traditional on-premise Cybersecurity model.
This new model required different strategies to implement Cybersecurity, and it shared
responsibilities with a third-party provider, which reserves the right to secure the system
differently than the client desires. Furthermore, the provider not only has to implement
Cybersecurity to establish trust with its clients; it also needs to secure its
offering to protect itself from external threats, which include its own clients. New models
were birthed to accommodate the differing levels of adoption of cloud computing.

The Private or Enterprise Cloud


An enterprise uses a private cloud to have on-premise computing equipment
interconnected to on-premise networking equipment. This configuration is referred to
as a cloud because the computing equipment interconnects over an intranet (i.e., an
internal Internet). Ideally, the data is only accessible within the physical premises of
the enterprise for the highest Cybersecurity benefit; see Figure 1-1. An enterprise might
choose a private cloud to protect sensitive data.

Figure 1-1. Private Cloud

A private cloud can have the lowest Cybersecurity risk, assuming proper
Cybersecurity measures are in place. The enterprise is mostly or entirely responsible
for the Cybersecurity risk. It, therefore, results in higher costs because it must procure,
configure, and maintain all the networking and computing equipment and configure
and maintain any Cybersecurity measures. The enterprise may favor the private cloud
because the higher costs might be lower than those of a Cybersecurity breach, and it has
greater control over the Cybersecurity measures.

The Public Cloud


A provider establishes and provides a public cloud to make computing resources
available for rent over the Internet. This configuration enables an enterprise to put
data in the public cloud and have it accessible from any Internet-connected device;
see Figure 1-2. Ideally, Cybersecurity measures protect data by limiting access to only
specific parties. An enterprise might choose a public cloud to lower costs, increase
accessibility and availability, and offset risk.


Figure 1-2. Public Cloud

A public cloud might have higher Cybersecurity risks because there is no direct
purview over the infrastructure and Cybersecurity measures. The provider and the
enterprise share the Cybersecurity risk. The enterprise must have the expertise to
adequately configure the cloud’s Cybersecurity measures and protect its data. The
enterprise might favor the shared Cybersecurity risk because it cannot afford to set up
and maintain a private cloud, lacks the expertise to secure a private cloud, or prefers
faster development and deployment.

The Hybrid Cloud


An enterprise adopts a hybrid cloud to set up private and public clouds to work together.
This configuration enables an enterprise to use a private cloud for its more sensitive
data and a public cloud for its less sensitive data; see Figure 1-3. It further allows
taking advantage of both sets of features and computing capabilities of both clouds. An
enterprise might choose a hybrid cloud to meet legal and contractual requirements,
lower costs, and configure varying levels of Cybersecurity measures.


Figure 1-3. Hybrid Cloud

The hybrid cloud might be the best of both worlds in some situations. Still, it
potentially has a higher Cybersecurity risk than a private cloud and not necessarily a
lower risk than a public cloud. We should use properly configured private cloud security
equipment (e.g., firewall systems, intrusion detection/prevention systems, and security
information and event management systems) to establish a connection between the
public and private clouds. The connectivity between the private and public clouds
presents an opportunity for the bypassing of security equipment and exposing the data
within the private cloud. The enterprise might favor the increased Cybersecurity risk
for several reasons: it wants to take advantage of features within the public cloud; it has
several layers of Cybersecurity measures to mitigate the risk of the external connection;
it has multiple private clouds; the public cloud only has access to a limited set of private
clouds.

Applying a Cloud Computing Model to FaaS


FaaS can support all three deployment models. FaaS was initially introduced as a public
cloud solution because it reduces most of the configuration and maintenance effort. As
the FaaS offering matured, providers added the ability to access a private cloud from a
FaaS solution. The industry realized the need for having FaaS within a private cloud, and
it created a FaaS solution that runs on software containers installed on servers within a
private cloud. In this book, we will mostly explore Cybersecurity in the public cloud.


An Overview on Cybersecurity


Cybersecurity, or security for short, is the practice of identifying the assets that need
protecting, the threats against those assets, and the defenses needed to protect those
assets. Many engineers, developers, and managers have become accustomed to
implementing security in traditional on-premise systems: desktop computers, laptops,
servers, networking equipment, operating systems, and so on. The cloud computing era
disrupted how companies and individuals view their assets. Consequently, the practice
of security had to evolve to work in this new computational method. Now that the assets
and infrastructure are provided by a third party, the cloud computing provider and the
client share the responsibility for implementing security.
We can summarize security and its implementation in three words: confidentiality,
integrity, and availability. Using the confidentiality, integrity, and availability (CIA)
model (sometimes referred to as the CIA triad) is one way to identify the security risks
and security measures needed to mitigate those risks. We will explore each element.

Confidentiality
Applying confidentiality to a piece of data is giving access only to the intended recipients.
Said another way, confidentiality is preventing unauthorized access from unintended
recipients. A common term in recent news is “privacy.” An enterprise may choose to
implement confidentiality using encryption and access control.
Data has no encryption by default. Applying encryption to data prevents anyone without
the key from reading it. The data is encrypted using a key, and only that key can decrypt the file to return it to
its original state. The key can be a password, file, or certificate. The encryption should
happen while the data is at rest (i.e., while it sits in the file system) or while it is in transit
(e.g., being transferred over the Internet).
Data has no access control by default, but modern operating systems do implement
some level of access control. Access control defines which data is accessible to others
and how that data is used. In an operating system that supports it, the access control
determines whether the current user can read, modify, or execute the data and also
defines whether other users can have similar privileges. It might also allow specifying a
subset of users that can read, modify, or execute the data.
FaaS solutions provide encryption and access control. The account owner needs to
enable shared access or public access; the account owner is the person or entity that
manages the account on the public cloud. The data owner can assign read, modify, and
delete privileges to the data; the data owner is the person or entity that manages the data
stores in the public cloud. The account owner is responsible for configuring the cloud
infrastructure to set the desired level of confidentiality. The cloud infrastructure provides
encryption for data in transit, data at rest, and access control to the data owner and
others. The provider’s cloud infrastructure only gives the account owner access to the
data. Cloud infrastructure supports encryption in transit and at rest.

Integrity
Ensuring integrity for a piece of data is giving confidence the data someone sent you
is the same data you received. Said another way, integrity is making sure there are no
unintended modifications to the data, and the intended recipient has trust they received
the expected data. The enterprise may choose to implement integrity using checksums,
version control, or logging.
A checksum is a representation of the data and is used to determine whether the file
has changed since it was last accessed. For example, when a user creates a file, the system
records its checksum. When the user modifies the file, the checksum also changes. The
user or file system can use the checksum to determine whether the file has changed.
Whenever a user creates, modifies, or deletes a file, a version control system or a
logging system captures the change. The version control system saves a copy of the file
for each version (and sometimes a checksum). In contrast, a logging system records the
type of change, the user who invoked the change, the time the change occurred, and
other relevant information.
FaaS solutions provide integrity solutions natively and as an add-on feature. The
account owner is responsible for configuring the cloud infrastructure to set the desired
level of integrity. The owner can also enable logging systems to capture changes to the
file and add checksums to the different versions of the data. The cloud infrastructure
supports version control of files. The cloud infrastructure natively does file replication at
the hardware level while maintaining the data integrity.
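
The three integrity measures described above can work together, as in this added Node.js example (not code from the book). The VersionedStore class, the file name, and the choice of SHA-256 as the checksum are assumptions made for illustration, and the sample data is constructed.

```javascript
// Added example: checksums, version history and a change log working together.
const { createHash } = require("node:crypto");

// SHA-256 stands in for the checksum (assumption: the text names no algorithm).
function checksum(data) {
  return createHash("sha256").update(data).digest("hex");
}

// Hypothetical in-memory store; a real deployment would rely on the
// provider's object versioning and audit logging instead.
class VersionedStore {
  constructor(clock = () => new Date().toISOString()) {
    this.live = new Map();     // name -> Buffer handed to readers
    this.versions = new Map(); // name -> [{ version, checksum, data }]
    this.log = [];             // append-only change records
    this.clock = clock;
  }

  // Logging system: type of change, user, time, and the resulting checksum.
  record(action, name, user, entry) {
    this.log.push({ action, name, user, version: entry.version,
                    checksum: entry.checksum, time: this.clock() });
  }

  // Version control: keep a private copy and a checksum for every version.
  put(name, data, user) {
    const bytes = Buffer.from(data);
    const history = this.versions.get(name) || [];
    const entry = { version: history.length + 1, checksum: checksum(bytes),
                    data: Buffer.from(bytes) };
    this.versions.set(name, [...history, entry]);
    this.live.set(name, bytes);
    this.record(history.length ? "modify" : "create", name, user, entry);
    return entry.version;
  }

  latest(name) {
    const history = this.versions.get(name);
    if (!history) throw new Error(`no versions recorded for ${name}`);
    return history[history.length - 1];
  }

  // Checksum comparison: do the live bytes still match the last recorded version?
  verify(name) {
    const expected = this.latest(name);
    const bytes = this.live.get(name);
    const actual = bytes ? checksum(bytes) : null;
    return { status: actual === expected.checksum ? "ok" : "modified",
             version: expected.version, expected: expected.checksum, actual };
  }

  // Recover from an unintended modification using the stored version.
  restore(name, user) {
    const entry = this.latest(name);
    this.live.set(name, Buffer.from(entry.data));
    this.record("restore", name, user, entry);
    return entry.version;
  }
}

// Constructed scenario: two logged changes, then a change that bypasses put().
function demo() {
  let tick = 0;
  const store = new VersionedStore(() => `2020-01-01T00:00:0${tick++}Z`);
  store.put("orders.csv", "id,total\n1,10.00\n", "alice");
  store.put("orders.csv", "id,total\n1,10.00\n2,25.50\n", "bob");
  const beforeTamper = store.verify("orders.csv");
  store.live.get("orders.csv")[0] ^= 0xff; // unintended modification, not logged
  const afterTamper = store.verify("orders.csv");
  store.restore("orders.csv", "alice");
  const afterRestore = store.verify("orders.csv");
  return { beforeTamper, afterTamper, afterRestore,
           actions: store.log.map((e) => e.action) };
}

console.log(demo());
```

The unlogged change is caught only because the recorded checksum no longer matches the live bytes; the log alone would show nothing unusual.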

Availability
Providing availability for a piece of data is using measures to ensure intended recipients
can use the data. Said another way, availability is making sure the intended recipient
can access the data at any time. The enterprise may increase availability through
maintenance, replication, and redundancy.
Performing maintenance ensures the hardware hosting the data continues operating
as long as possible without interruption. For example, if a user stores a piece of data on
one piece of equipment, and it stops functioning, that data is no longer available for
a user to access. Had that unit been adequately maintained, it could have continued
operating longer, or the maintainer could have observed symptoms of imminent failure.
Therefore, it is essential to maintain hardware to keep it running to increase availability.
Replication and redundancy create replicas of data on other pieces of hardware. For
example, in the event one unit fails, others make the data available for a user to access.
An enterprise will use hardware components (e.g., Redundant Arrays of Independent
Disks, or RAIDs) to provide local, built-in redundancy and data backup software to
achieve geographical (offsite) redundancy.
FaaS solutions provide availability natively when storing data in the public cloud,
which has a minimum level of guaranteed availability. The account owner is responsible
for selecting a cloud infrastructure with the desired minimum availability and
configuring any additional availability features. For increased availability, the data owner
can choose to replicate the data across multiple geographic locations within the public
cloud infrastructure. Using cloud infrastructure eliminates the need to perform routine
hardware maintenance. However, regular checks of the account configuration and data
access are still warranted.

The Need for Cloud Computing Cybersecurity


Approaching Cybersecurity is similar, yet different, in public and hybrid clouds vs. a
private cloud. The enterprise has more control and influence of the security measures
in a private cloud. The security measures are implemented based on the risks identified
in an assessment. The enterprise should assess public and hybrid clouds similar to a
private cloud, but with the understanding that the threats vary.

Examples of Threats
Threats exist in the three cloud computing models and manifest themselves in several
ways. We will explore a few examples of how threats manifest.


Data Breaches from Insecure Data Storage


Since cloud storage configurations support private, shared, and public access, it is
probable public access was set unintentionally.³ For example, an attacker can use
an improperly configured cloud storage system to access highly sensitive data. An
inexperienced user may accidentally grant public access while attempting to limit
sharing to a small group. A user may also temporarily give public access to transfer data
to other parties, but forget to revert to private access. Data breaches can result from an
improperly configured cloud storage system.
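
One way to catch an unintended public grant before it becomes a breach is to audit the storage policy itself. The following Node.js check is an added example, not code from the book: it assumes bucket policies written in the AWS IAM JSON policy grammar, and the bucket name, account ID, role name, and all four sample policies are constructed.

```javascript
// Added example: flag bucket-policy statements that grant access to everyone.
const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// True when the Principal element matches any caller: "*" or {"AWS": "*"}.
function isWildcardPrincipal(principal) {
  if (principal === "*") return true;
  if (principal && typeof principal === "object") {
    return toArray(principal.AWS).includes("*");
  }
  return false;
}

// IAM action patterns allow * and ? wildcards and are case-insensitive.
function actionMatches(pattern, action) {
  const source = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp(`^${source}$`, "i").test(action);
}

// Representative actions for the read, modify and delete privileges.
const ACCESS_PROBES = {
  read: ["s3:GetObject", "s3:ListBucket"],
  modify: ["s3:PutObject"],
  delete: ["s3:DeleteObject"],
};

// Which privilege classes does this statement's Action element cover?
// (NotAction is not evaluated in this example.)
function grantedAccess(statement) {
  const patterns = toArray(statement.Action);
  return Object.keys(ACCESS_PROBES).filter((kind) =>
    ACCESS_PROBES[kind].some((a) => patterns.some((p) => actionMatches(p, a))));
}

// Report every Allow statement open to any principal. A Condition block may
// narrow the grant, so it is reported as "conditional" for manual review.
function findPublicGrants(policy) {
  const findings = [];
  for (const st of toArray(policy.Statement)) {
    if (st.Effect !== "Allow" || !isWildcardPrincipal(st.Principal)) continue;
    findings.push({
      sid: st.Sid || "(no Sid)",
      exposure: st.Condition ? "conditional" : "public",
      access: grantedAccess(st),
    });
  }
  return findings;
}

// Constructed sample policies.
const RESOURCE = "arn:aws:s3:::example-bucket/*";
const SAMPLES = {
  // Public access left on after a one-off transfer.
  publicRead: { Version: "2012-10-17", Statement: [
    { Sid: "PublicRead", Effect: "Allow", Principal: "*",
      Action: "s3:GetObject", Resource: RESOURCE }] },
  // Shared access limited to one named role.
  teamOnly: { Version: "2012-10-17", Statement: {
    Sid: "FinanceTeam", Effect: "Allow",
    Principal: { AWS: "arn:aws:iam::111122223333:role/finance-team" },
    Action: ["s3:GetObject", "s3:PutObject"], Resource: RESOURCE } },
  // Any principal, but only from one address range.
  officeOnly: { Version: "2012-10-17", Statement: [
    { Sid: "OfficeOnly", Effect: "Allow", Principal: { AWS: "*" },
      Action: "s3:*", Resource: RESOURCE,
      Condition: { IpAddress: { "aws:SourceIp": "203.0.113.0/24" } } }] },
  // A Deny for everyone is a guard rail, not an exposure.
  tlsOnly: { Version: "2012-10-17", Statement: [
    { Sid: "DenyPlainHttp", Effect: "Deny", Principal: "*",
      Action: "s3:*", Resource: RESOURCE,
      Condition: { Bool: { "aws:SecureTransport": "false" } } }] },
};

function auditAll() {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, p]) => [name, findPublicGrants(p)]));
}

console.log(JSON.stringify(auditAll(), null, 2));
```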

Data Breaches from Identity and Access Management Misconfiguration
Someone can access another person’s account if the Identity and Access Management
(IAM) system has a misconfiguration. The data owner might use an IAM system to
share data access with multiple users. Shared access should be limited to the users
that require the data and no one else. For example, the finance team should only have
access to confidential financial records, and not the engineering team or suppliers. Data
breaches have occurred because a supplier had access to a network where sensitive data
was processed.⁴ Data breaches can result when one account is compromised, and it has
access to data it should not.

Denial of Service Attack Due To Software Vulnerabilities


Any application exposed to the Internet is vulnerable to Denial of Service (DoS) or
Distributed Denial of Service (DDoS) attacks. Cloud services limit how much computing
power a client can use at any given time. An attacker hopes to exploit a weakness in the
application by sending multiple simultaneous requests and making the application
unavailable to the users. This downtime can result in financial loss and lost productivity.
Weaknesses can exist at any level. For example, an attacker can exploit a software
library with a known vulnerability by sending a large piece of data such that the
application takes a significant time to process the entire data or eventually times out.⁵
If thousands or millions of requests are sent simultaneously to a vulnerable software
function, the application may stop responding for all users and result in a DoS to the
user base.

³ “100GB of secret NSA data found on unsecured AWS S3 bucket.” 29 November 2017. Adam Shepard. IT Pro. www.itpro.co.uk/security/30060/100gb-of-secret-nsa-data-found-on-unsecured-aws-s3-bucket
⁴ “What Retailers Need to Learn from the Target Breach to Protect against Similar Attacks.” January 31, 2014. Chris Poulin. Security Intelligence. https://securityintelligence.com/target-breach-protect-against-similar-attacks-retailers

Identifying Threats
The three previous examples illustrate the realization of threats. Your understanding of
the threats to your application will help you determine how to protect against them. We
will explore how to identify threats in the next chapter.

Key Takeaways
In this chapter, we reviewed cloud computing and Cybersecurity. This chapter aimed
to provide a foundation for the remainder of this book. We established concepts and
terminology in cloud computing. We will briefly review these concepts and terms.
We explored cloud computing service models:

• Infrastructure as a Service (IaaS) is using infrastructure
(e.g., computing and networking equipment) over the Internet.

• Container as a Service (CaaS) is using a software container
(e.g., Docker) over the Internet.

• Platform as a Service (PaaS) is using a configured platform
(e.g., a database) over the Internet.

• Function as a Service (FaaS) is running and orchestrating functions
(e.g., an email subscription function) over the Internet.

• Software as a Service (SaaS) is using an application
(e.g., a web-based email) over the Internet.

⁵ “Serverless Security & The Weakest Link (Avoiding App DoS).” 8 February 2019. Ory Segal. PureSec Blog. www.puresec.io/blog/serverless-security-and-the-weakest-link-or-how-not-to-get-nuked-by-app-dos

We covered cloud computing deployment models and how FaaS supports them:

• Private cloud is where an enterprise uses computing equipment it
acquired and accesses it over an internal network. An enterprise can
set up an internal FaaS solution on its hardware.

• Public cloud is where an enterprise uses computing equipment from
a third party and accesses it over the Internet. An enterprise can use a
provider’s FaaS solution.

• Hybrid cloud is where an enterprise uses private and public clouds
for different purposes and uses security equipment to interconnect
them to minimize risk. An enterprise may configure a private
FaaS solution to access data from a public cloud and vice versa, given
the security equipment on both sides is configured to enable access.

We learned the confidentiality, integrity, and availability model in Cybersecurity and
how FaaS supports all three.

• Confidentiality is ensuring only the desired recipients can access
a piece of data. FaaS ensures confidentiality by limiting data access
to the account owner with access control systems and by using
encryption.

• Integrity is ensuring the data was unchanged and uncorrupted from
the last time it was accessed. FaaS provides integrity with version
control systems and logging systems.

• Availability is ensuring the intended recipient can access the data
without disruption. FaaS provides a minimum level of availability
and increases with replication across geographical regions.

We reviewed examples of Cybersecurity threats to depict the need for Cybersecurity
in cloud computing.
In the next chapter, we will examine how to assess a FaaS application and perform a
security risk assessment.

CHAPTER 2

Performing a Risk Assessment
In this chapter, we will learn how to perform a risk assessment for a serverless
application. We will explore how to understand how the application works, which
includes reviewing documentation, source code, and system accounts and using the
application. We will discuss why we scope the risk assessment. We will learn how to
develop a threat model and how to use it to start creating the risk assessment.

Conventions
We will review the conventions used throughout this book. For clarity, we will use one
example application throughout. We might deviate from this example application
at times when it makes sense to explain a concept better. We will use one FaaS
framework (typically referred to as a serverless framework) for consistency, except
where it lacks support for a security configuration we are learning or when we can
better learn a principle by directly modifying the configuration. For simplicity, we will
use one programming language in the examples because it may become overwhelming
to cover the same principle in all programming languages supported by the serverless
provider and framework. The goal is to ensure an optimal experience in learning security
concepts with less focus on prescriptive approaches for implementing them.

Example Serverless Application


Throughout this book, we will use a fictitious ecommerce mobile app in the examples.
This app allows users to buy and sell goods using a mobile app. The app brokers the
transactions to ensure both buyer and seller are protected. The mobile app communicates
to an Application Programming Interface (API) to execute the transactions.

© Miguel A. Calles 2020
M. Calles, Serverless Security, https://doi.org/10.1007/978-1-4842-6100-2_2

The serverless framework will create the API. The serverless application will integrate
with other third-party services, which provide additional capabilities. The examples and
exercises reference this fictitious application but do not provide a fully functioning system.

Serverless Frameworks
The three major FaaS and serverless providers are Amazon Web Services (AWS),
Microsoft Azure,¹ and Google Cloud.² You can manually set up functions using their
web-based consoles. You can choose an automated way to deploy the functions by
leveraging FaaS or serverless frameworks. There are several serverless frameworks,
which support different programming languages and multiple providers. We will focus
on a framework that supports AWS, Azure, and Google Cloud.
We will use the Serverless Framework³ in this book, not to be confused with the term
“serverless framework.” Serverless, Inc. created a serverless framework that supports
AWS, Azure, Google Cloud, and other serverless providers. The Serverless Framework
is written in Node.js⁴ JavaScript and has open source and paid versions. At the time
of this writing, the open source project has over 30,000 stars, has been forked over 3000 times,
and is actively maintained.⁵ For these reasons, we will use the Serverless Framework
throughout this book.

Programming Language
The Serverless Framework was built using Node.js and exists as a package in the npm⁶
package manager. npm is arguably the fastest growing package repository with at least
one million packages at the time of this writing.⁷ The popularity is probably a result of
JavaScript being one of the easiest programming languages to learn.⁸ We will use Node.js

¹ Azure is a registered trademark of Microsoft Corporation.
² Google and Google Cloud are registered trademarks of Google LLC.
³ Serverless Framework is a registered trademark of Serverless, Inc.
⁴ Node.js is a trademark of Joyent, Inc.
⁵ Serverless GitHub repository. https://github.com/serverless/serverless
⁶ npm is a registered trademark of npm, Inc.
⁷ Module Counts website. www.modulecounts.com
⁸ “The 10 easiest programming languages to learn.” 17 July, 2017. Alison DeNisco Rayome. TechRepublic. www.techrepublic.com/article/the-10-easiest-programming-languages-to-learn

Another Random Scribd Document
with Unrelated Content
Montoro de Diego looked at his informant with a startled
countenance, and then suddenly bent his eyes upon the ground as
though he expected to see the 'brothers' blood' crying for vengeance
from the soil.
"It is no good," he exclaimed at last. "I will stay in this accursed place
no longer. To my restlessness I might have opposed a sense of duty;
but to fight any longer against my miserable disgust at the scenes
around me is beyond my strength."
The bishop mused awhile before replying slowly,—
"And yet, good example is valuable."
"Elsewhere it may be, but not here," returned Diego hastily. "Else,
Riverenza, must your own bright example long since have turned
devils into saints, murderers into good Samaritans. What good did
your example do, even in the matter of the repartimientos? Did your
giving up your share of these unjustly and basely-enslaved creatures
serve any other purpose than that of impoverishing one who ever
uses his wealth for the relief of suffering? Nay, further, your good
example on this accursed island worked actually on the side of evil."
"How so?" asked Las Casas. But he looked as though he knew the
answer, even before his companion said heavily,—
"Even we reaped some miserable advantage at 'Palmyra' from your
renunciation. Some half-dozen poor creatures who had thriven under
your mild rule were made over to us to die. But see," Montoro
suddenly exclaimed, interrupting himself and springing to his feet,
"the day is passing, and I should have been in San Domingo hours
ago. I started early enough, but some suspicion that I was leaving
mischief behind me brought me back, and now poor Don is dead."
It was only a dog that was dead, but that dog was Don—the dog on
whose head his mother's tears had fallen—the dog for whose sake
he had once endangered his own life; and with these thoughts
suddenly recalled to his mind, Montoro de Diego was glad to beat a
hasty retreat from further observation.
Las Casas remained deep in earnest ponderings long after his friend
had left him, for he too had begun to think that it was vain to continue
his efforts of philanthropy any longer on the island of Hispaniola, and
that he would do wisely to exert his influence as protector of the
Indians in new fields, less overcrowded with the refuse population of
his own country.
Meantime Montoro reached the town, and was instantly accosted by
a young man of about his own age, and tall, bright, and handsome
as himself, but with a dash of off-hand daring about his person and
manner instead of Montoro's lofty dignity.
"Diego!" he exclaimed, as soon as he caught sight of him, "you are
just the comrade I most desire in our coming campaign. Throw thy
paltry bales into the sea, man, and enrol thyself under our captain's
standard."
"But who then is thy captain?" asked Montoro with some interest,
"and what is this new campaign? Thou art ever mad, my Cortes,
upon some fresh undertaking."
The handsome young notary laughed.
"Better that than sticking to the same spot till thy feet bid fair to grow
to the soil, like thy money-grubber, Don Alonzo, yonder. But, I
warrant thee, this undertaking now on hand is no mere pastime for a
summer's evening. Our captain, Don Diego Velasquez, hath it in
commission to conquer an island, the island of Cuba."
"Ay, doubtless," returned Montoro bitterly. "And hath also leave and
licence, and perchance it may be even orders likewise, to kill off the
inhabitants there, like so many mosquitoes, as hath been done
here!"
The other shrugged his shoulders rather contemptuously.
"Verily, Diego, thou and our bishop yonder have been bitten by the
same dog. But to comfort thy heart, know that Bartholomew Las
Casas is to be invited to go with us to guard thy pets, lest one of us
should so much as slap one of their brats to still its overmuch
squalling at strange faces. So, what say'st thou now?"
Montoro's face cleared to a smile.
"This is what I say—that if Las Casas goes, then do I go also."
CHAPTER XIX.
THE WAY TO TREAT THE REDSKINS.
"Montoro! I say, Montoro, I have news for thee."
"Out with it then," came the answer from our friend, who was once
more engaged in his occupation of eight years before at Veragua.
Houses were built there for a colony that was never founded, and
now Montoro and his companions were building houses on the
island of Cuba, with a very fair prospect of inhabiting them.
Only one chief had offered any determined resistance to the
invaders, and even his followers were not numerous enough to
excite much anxiety. He had fled from his native land of Hispaniola to
escape the Spanish rule, and now he was brought to bay, and
compelled to make a final effort for independence. It had just been
decided to send out a party against him, strong enough, as
Velasquez put it, "To conquer the rebel once for all, and have done
with it."
"And I am to be one of the party," said Juan de Cabrera, excitedly.
"And if you choose you also are to have a hand in catching this
Hatuey, and helping to make him an example."
"He is that already," replied Montoro gravely. "Would that the poor
sheep, his countrymen, knew how to profit by it."
"By my faith," exclaimed Cabrera impatiently, "you are a queer
fellow, Diego. Wouldst thou then that these 'poor sheep,' who are as
a hundred to one of us, should know their strength, and shoot us
down like vermin in a barn?"
Montoro flung down the great wooden hammer with which he had
been driving stakes, and came forward, his face set with mingled
sternness and sorrow.
"Ay, truly, Juan de Cabrera, less would it shame me that the heathen
should thus treat us, than to know that we Christians have acted that
hideous part towards them. Hast thou heard of the late campaign in
Trinidad, where our countrymen have burnt alive in cold blood—to
save trouble!—nigh upon two hundred men and women, and
innocent babes scarcely more helpless than their kind and gentle-
natured fathers? How shall Spanish tears or Spanish blood, thinkest
thou, ever wash out that foul stain?"
Juan de Cabrera turned away for a moment, for he had no answer
ready. When he turned round again he said, with an assumption of
flippancy he was for once far from feeling,—
"Ah, well, I have not heard this shady tale before, and I don't
suppose that it has lost any of its shadows by coming through thy
lips. Doubtless it was but a toss up whether our brethren should be
killed, or should kill."
"Not so," said Montoro, sternly. "Juan Bono hath confessed, himself,
that the unhappy creatures whom he thus repaid had been as
fathers and mothers to him, and to all his party; but he had been sent
to make slaves, and he made them the more readily by burning part
of the population before resistance was dreamt of."
He stopped abruptly, and stooped to pick up his tool. Then once
more raising his eyes to his companion's face, he said slowly and
quietly—
"That is all; but a ghastly all; and I would to God that the heathen
had shot me ere I heard it."
There was a long silence after this ere Cabrera ventured once more
to ask—
"But, Diego, for all this thou wilt join us, wilt thou not? Even for the
sake of thine own feelings thou shouldst do so to help in the
promotion of fair play."
"If I were the Governor himself," said Montoro hastily, "I should exert
myself in vain for justice where this unfortunate Hatuey is concerned.
He has been as a king in his own land, and now we dare to proclaim
him a rebel because he proves himself a patriot, and in the face of
despair fights for his country and his people's liberty. No; I will have
nought to do with 'catching' this noble-hearted heathen Cacique, and
aiding to throw him into slavery."
Cabrera cast a keen, furtive glance at his companion at the
utterance of that last word. Evidently, although Diego had heard that
horrible Trinidad news, he had not yet heard of the doom
pronounced against the troublesomely desperate Cacique of
Hispaniola, when he should be once safely caught in the hands of
the Cuban governor. As for Don Juan de Cabrera, he had no
inclination to give the information. To turn the subject, he said after a
short pause—
"Well then, friend Diego, if thou comest not with us, what is it thou
hast a mind to? Something nobler, I trust, than wood-cutting, as
though thou wert born a boor in a German forest rather than a
Spanish nobleman."
"I feel little inclined to boast just now of my Spanish birthright, I can
tell thee," said Montoro heavily. "But to answer thy question—Ay; I
have other plans on hand than my present employment. I
accompany Las Casas on his progress of pacification through the
island, and we hope great things from our efforts, both for the natives
and the colony."
Cabrera's shoulders went up in a slight shrug, almost in spite of
himself.
"It is to be hoped that you and the clerigo have picked your
associates carefully for your peaceful expedition," he said, with a
touch of scorn. "Otherwise I fear me there may chance some rubs to
your tender consciences ere it is accomplished."
"Little danger," answered Montoro, confidently, adding with a smile,
"for we have, as you say, chosen our companions with due thought.
You see, we have not invited you."
Juan de Cabrera laughed.
"Thanks for the compliment, my friend. I would a hundred-fold rather
be found guilty of too much impetuosity, than of a calm, cold-blooded
calculation."
The smile died out of Montoro's face as he now exclaimed hotly—
"It is easy at all times for men to sneer at right and justice, and to
clothe evil with grand words. In Spain our impetuosity has been a
sword in the hand of honour; why is it here a weapon that would be
disdained even by the paid tool of an assassin? But there, Juan, I
but waste my breath on thee. This is no true impetuosity, no true
impulsive daring, that robs and massacres the harmless peoples of
these lands; but rather is it the base, despicable, grovelling fruit of
cold-blooded reckonings of ounces of gold against lives. By heaven,
I—"
"There, there, Toro," interrupted the light-hearted cavalier, with
unusual quietness of manner, "do not spend thy eloquence upon an
unworthy mortal like me. And for thy solace learn that, although
methinks thou and the clerigo draw the line too fine, I loathe some of
our doings out here well-nigh as greatly as thou canst do thyself. But
adios, for my party will be starting on the Hatuey hunt without me if I
do not hasten."
So saying, the gay adventurer departed with an air as jaunty as
though he were bound for one of the Court tournaments of Spain, to
be rewarded by winning kingly smiles and his lady's scarf. And
shortly after his friend Montoro de Diego, with Las Casas, departed
on their Cuban tour, accompanied by a number of armed followers,
who were intended, by their formidable appearance, to ensure
unbroken peace, not to win it after battle. But unhappily Juan de
Cabrera's prognostications proved truer than Diego's hopes.
"Well, comrade," said a soldier to a companion at the evening halt of
the first day's march; "well, comrade, thou hast then recovered
health and strength in time to have another try for fortune; at any rate
for such flimsy fragments as our present soft-hearted leaders will
permit us to accept. For my part, I had fain that I had been rather
sent off after the rebel Cacique. There will be more pickings to be
gathered up there I doubt, than we shall be able to find baskets for in
this direction. But as for saving souls—"
"As for saving souls," interrupted the man addressed in a deep,
fierce tone; "as for that matter, Guzman, we will save our own souls
by clearing God's earth of these vile, idol-serving vermin. Joshua
was sent forth of old, as Father Gonzalo saith, to rid the world of the
heathen, and so have we the like mission now. And for one Andrea
Botello will obey."
Guzman stared.
"My faith, Botello, let not the noble Señor Diego hear thee speak
thus, or thou wilt most assuredly get ordered back to the settlement
again!"
But Botello's eyes blazed with a yet fiercer fire, and his brow grew
blacker, as he muttered:
"Against those who have a mission from on high, man's orders avail
nought. The commands to slay and destroy, and leave not one
remaining, have come to me from authority, supreme e'en over the
Governor Velasquez himself. Speak not to me of orders!"
"Nay, then, that will I not," murmured Guzman to himself, as he went
off to more cheerful companions. "I will spend no more words on
thee, friend Botello," he continued in soliloquy, "so long as it appears
that the remnants of thy late fever are yet burning in thy veins. It
might chance thou wouldst find thou hadst an order to stick thy
poniard into me."
A few minutes later the prudent soldier was consulting with some
friends, whether a warning hint respecting Botello's aspirations
should not be given to their priest commander.
"But say, then," laughed another, "what need to trouble the good
clerigo for nought? What can one man's moody fancies do of harm,
with so many against him on the other side?"
"Umph, no," said another, somewhat less confidently; "if all the rest
are on the other side; but one fanatic can make an army of disciples,
if his feelings be but strong enough."
"Just so," was the off-hand reply. "If they be strong enough, but not if
they be the half-delirious fancies of a sick man, who ought still to be
in his bed at St. Jago yonder, instead of travelling with us. But come
on, let's hurry up to that party of redskins over there; they seem well
laden, and for my part I prefer to dine on their providing than on my
own, or that of our commanders. They treat us better."
The whole of the little expedition, including Las Casas and Montoro,
appeared to be of the same way of thinking, to judge by the way the
hospitable and kind-hearted Indians were soon surrounded. Whether
owing to the absence of newspapers and telegrams in those days, or
to the hopes of the poor inhabitants of the New World that kindness
would gain kindness, at any rate in their own case, cannot now be
said; but while the refugee Cacique, who had fled from the
barbarities of the Spaniards on his own island, was being hunted
down in one part of Cuba, in another the gentle, courteous natives
were treating their invaders with the most true-hearted friendliness.
"They must, verily, be worse than the tigers of the forests who harm
these simple creatures!" exclaimed Montoro one day, as a number of
Indians hastened to the new encampment with the farewell offerings
of fruit, rice, cooked food, and various little presents as tokens of
peace and good-will, accepting smiles for thanks with inborn
graciousness.
Las Casas smiled at his friend's ardour.
"I feel now," he said joyously, "that I can afford to smile, for all things
here are going forward as I would wish. The natives are learning that
there are at least some amongst the white men who have a
knowledge of right and wrong. And for these with us, Montoro,
thinkest thou not that they have begun to find it pleasant to continue
in well-doing, and to awaken smiles instead of tears? For myself, I
do hope so, I confess."
"And I," assented Montoro earnestly. "I do believe, my father, that thy
noble example has reaped at length the good fruit it has so long
merited."
The two friends passed on, nor marked a pallid-faced, fierce-eyed
man, who had stood near them, and now muttered between his
teeth, gazing after the clerigo:
"Tremble, thou Saul, who wouldst spare Agag, and the chief of the
spoil, when thou shouldst destroy! Guard thyself, lest the vengeance
that falls upon the enemies of the Cross encompass thee also, as
were meet."
CHAPTER XX.
THE MASSACRE AT CAONAO.
Some weeks had passed, and all had hitherto gone well, when one
day, on arriving at the suburbs of the native town of Caonao, Las
Casas announced it to be his intention to remain there two or three
days, making it the limit of his present expedition, and then to return
to the head-quarters of Velasquez, with the report of their doings and
adventures.
"Meantime," he said, with the cheerful good-humour proper to his
nature when at ease for others—"meantime we will make holiday for
the next forty-eight hours."
"And," said Diego smiling, "thanks to our good red brothers here, we
can also give our holiday its proper accompaniment of feasting."
"Just so," agreed Las Casas, with an answering smile. "I confess the
truth; it was the sight of the abundant supplies of all kinds with which
we are provided, that led me to resolve on marking this terminus of
our pleasant expedition with something of the nature of a festival.
Gather the men for me, Diego, some into the surrounding houses,
the remainder may well encamp out here in these gardens, fit for
Paradise itself."
"And for yourself, father?" asked Montoro. "Are you bent on other
explorations?"
"Not very distant ones," was the bright answer. "I am but about to
explore yon temple, and endeavour to use my stammering tongue
for God's glory with its inmates. They may now better believe, I trust,
that we come as bearers of a message of mercy."
"Truly I hope so," replied Montoro, as he nodded the brief adieu to
his friend, and then turned quickly to execute the duties committed to
him. In thus hastily turning, he almost knocked over a man who,
unobserved, had silently moved up close to the two chiefs of the
party, until he stood almost shoulder to shoulder with de Diego.
Diego was about to administer a sharp and haughty reproof to the
presumptuous intruder on the society of his superiors, but a second
look at his companion checked the words on his lips; and he stood a
listener instead of a speaker, as the man uttered, through drawn lips
that scarcely moved, a wild denunciation of the Amorites, the Hivites,
the Canaanites, the Hittites, the Perizzites, the Gergashites, and the
Jebusites.
Those who hear of the matter now may feel tempted to smile, but
there was no smile on the countenance of the young nobleman, no
feeling of mirth in his heart, as he stood facing the mad fanatic. The
man's eyes were fixed in a glassy stare that saw nought then visible;
and his eager, bloodthirsty curses against those he denounced as
the enemies of God, and of his Christ, made Montoro's blood run
cold.
"Friend," he began at last—"friend, rouse thyself. Recall thy
scattered thoughts. Those enemies of God's people, and daring
breakers of His laws, have perished for their iniquities more than two
thousand years ago. What priestly tales from the Holy Scriptures
have been startling thy ears of late?"
"He hath been ill, at death's door with malarious fever, but a few
days before joining this expedition, Señor," answered another of the
soldiers coming forward now, and hastily putting his hand on his
comrade's arm, as though to draw him away, but at the same time
with an air of secret warning which, at another time, would not have
escaped the keen eyes of the young officer. Now, however, Montoro
was anxious to get the clerigo's wishes carried out before his return
on the scene, and he was more intent on taking a view of the ground
around him, as to its capabilities for comfortable encampment, than
in noting the actions of individuals.
"See," he said kindly, but somewhat absently, "yonder come our kind
Indian friends with supplies of water; doubtless thy comrade is
suffering from thirst. Go forward with him, and see that his wants are
well attended to."
The man bowed, and quickly pulled his companion on to hinder the
word answer he seemed about to give.
"Thou art a very fool, Botello," he muttered angrily, when out of
earshot of Diego. "Of what good to rouse us up to help fulfil thy
purpose, when thy blabbing lips must go well-nigh to betray it, to the
one of all others most keen to hinder it. The clerigo hath some
thoughts to spare from his red lambs to his own comfortable living,
but this Señor Diego carrieth the vile heathen on his back to his own
greatest detriment. Verily, methinks he would far sooner have that
sword of thine pierce him than one of them."
Botello turned, with those dull-burning, sullen eyes of his fixed upon
his friend.
"If it is thus with him," he said between his clenched teeth, "then will
he receive due punishment in witnessing the slaughter of those he
thus dares to cherish. But come, the hour has arrived, and the
victims."
And suddenly, with a wild cry, he dashed forward towards a group of
some hundreds of defenceless Indians—men, women, and children
—laden with fruits, and jars of water for their Spanish guests.
Snatching his sword from its sheath it flashed for a few moments in
the sun, as he brandished it on high, and then, with a madman's
howl, he plunged it into the bodies of an infant and its mother who
was advancing with a timid smile to offer drink to the thirsty
travellers.
Tearing the reeking weapon from his first quivering victims he rushed
on over them, dealing death and wounds frantically around him. For
some moments he was alone in his dread activity. The Indians were
spellbound with the dismal horror. Even his own fellows were awe-
struck with the impetus of the hideous onslaught.
But quickly the scene changed. In his fatal career the wretched
madman cut down the beloved young squaw of a tall and unusually
powerful Indian, before he could fling himself before her as a cover.
Baffled of his loving effort he threw himself upon the Spaniard, utterly
regardless, in his despairing fury, of the blood-dripping sword.
Snapping it with his hands as though it had been a thread from his
native cotton plants, he tossed away the pieces, and then, with those
sinewy, disengaged fingers, throttled his antagonist, and cast the
dead body of the wretched Botello beside that of the murdered
Indian.
The red man's ferocious shout of triumph was the signal for
answering shouts of fury from the Spaniards. They had looked on
while innocent and gentle women and children were ruthlessly
slaughtered, but the sight of one of their own number slain was one
that aroused all their fiercest feelings of revenge, and ere it could be
well said that they had had time for thought swords and daggers
were flashing in the light, the fair, flower-bestrewn earth was
streaming with blood, and mangled bodies of dead and dying
creatures, some still clasping their simple offerings, that pleaded for
good-will, in their stiffening hands, were piled in awful heaps around
the camping ground.
To this drear, sickening sight Montoro de Diego rushed forward as he
saw the tumult that was raging. Guzman, one of the few who
remained faithful to his leader's trust in him, flew to the temple to
summon Las Casas. The redskins' friend was just issuing from the
building when his follower reached it, breathless with haste, pallid
with horror, and bespattered with gore from the pitiful victims who
had been falling in wholesale crowds around him. The countenance
of the clerigo turned pale also as he caught sight of the panting
soldier.
"What is it?" he exclaimed. "Our brethren—what of them? Is it a
massacre?"
Guzman nodded. He could not speak; one word he managed to
gasp out—"Go." For a massacre it was indeed, though not of the
nature imagined by Las Casas; not a massacre perpetrated by
ignorant heathen of those from whom they had scarce ever received
ought but wrong, but a massacre barbarously committed by
Christians on those from whom they had received nought but
kindness and submissive respect. But Las Casas waited not to learn
more from his breathless retainer. He saw the wild tumult surging in
the distance; he heard the confused roar of mingled shrieks, shouts,
yells, and groans; and whatever was going forward that concerned
his company his place was in their midst, to die with them if their
rescue were no longer possible.
In a moment of time this decision had darted through his brain, and
the next instant he was flying over the ground that intervened
between the temple of Caonao, and the open plain where the
deadliest of the uproar was in awful progress.
Two or three huts of less pretensions than the houses in the town
were scattered here and there. Close to the fighting, dying,
struggling multitudes stood one of these wooden buildings somewhat
larger than the rest. In it a number of the hospitable Indian women
had been gathered, a few minutes since, cooking and preparing food
for their cruel invaders. Now a panic-stricken, shrieking rabble of
both sexes and all ages was dashing into it, Indians pursued by
Spaniards—Indians, as Las Casas perceived at the first horror-
stricken glance, with nothing but crushed fruits and flowers in their
hands, or wounded infants moaning in their arms, Spaniards with
blood-dropping, crimsoned swords. Then he knew all. A groan of
bitterest anguish burst from his lips—
"Oh, my God!"
The words were a prayer, an abject prayer to the Most High for
mercy. Had the earth at that moment opened her black jaws and
swallowed up every Spaniard present, had fire from heaven licked
them up and carried them to hell, Las Casas would have felt no
wonder. He wondered more that an all-powerful God should spare.
One moment he gave to that groan, one moment to that prayer, and
then, throwing himself in the doorway of the hut, he dashed aside a
half-frenzied soldier who was entering in pursuit of the wretched
fugitives, and uttered a mighty, furious shout:
"Back, Spaniards, back, you dastardly mean hounds, every one of
you, or run your swords thus hallowed with the blood of the
innocents into your leader's body. I invite you to it, fiends every one
of you rather than men, that I may the more speedily close mine
eyes for ever on this scene fit only for the shades of hell."
Then he looked into the hut upon the huddled flock of trembling,
weeping, wounded human sheep. Some had climbed, for refuge
from their bloodthirsty pursuers, to the rafters of the roof, and hung
there, with their wild eyes gleaming, through their long black hair,
down upon events below, and their white teeth chattering for fear.
The sudden appearance of Las Casas upon the spot, and the
change of his usual mild demeanour to one of such haughty, biting
indignation, had created a temporary, rapid lull about the spot where
he stood. A permanent arrest of the massacre in that direction, he all
too fondly believed, and so he began to soothe and reassure the
poor creatures gathered together for death within the walls of that
humble little dwelling. Some few words of comfort in their own
language he knew, and spoke most eagerly, but the deep sympathy
of his countenance, his pitying eyes, spoke still more eloquently, and
above all, his fame had come before him even here, as a father and
friend of the helpless.
Gradually some put back the hair from their faces and ventured to
look around them, mothers loosened their convulsive grasp of their
children, and the climbers on the rafters swung themselves down to
the ground again. But even Las Casas could see that all was not yet
achieved for the restoration of peace. At a few hundred yards'
distance the horrible, shameful work of slaughter still continued, and
once more quitting the hut and its defenceless multitude,
Bartholomew Las Casas dashed onwards to repeat his efforts at
arresting the wholesale murder of defenceless men, helpless
women, the aged and the infant.
"Oh, Montoro!" he ejaculated as to himself, as he neared this fresh
scene of horror. "Alas! Montoro de Diego, where canst thou have
been to allow such things!"
A voice from beside his feet answered him—"I am here, my friend.
Disabled at the first moment. But do not heed me. Hasten to save
what poor remnant there may yet remain of these unhappy victims."
Las Casas looked at his half fainting friend, then at the dreadful
mêlée beyond, and with a hurried—"I will return immediately," he ran
on, and a second time hurled his furious commands at his followers
to cease their cowardly slaughter of their helpless prey.
A second time the leader's voice and the leader's presence cowed
the Spaniards back to order—momentarily. From the rear where the
hut lay there suddenly broke upon the air wilder shrieks and yells
than had been heard before. Deep oaths and curses of Spanish
throats were mingled with the shrill Indian cries, and off darted the
soldiers gathered about Las Casas to join their other comrades.
They were like so many score of bloodhounds, with the taste for
blood so aroused that it could no more be satisfied. Not again could
the friend of the Indians reach the doorway of that hut until it had
become a charnel-house, so crammed with the dead and dying, that
the stoutest heart might turn away from the ghastly task of learning if
there were yet any, amongst those heaps of mangled bodies, to
whom it might be possible to speak last words of pity.
There had been five hundred living human beings crowded into that
building when Las Casas left it ten minutes ago, now there lay there
five hundred mangled bodies lying in crimson pools, some already
stiff and stark, some writhing in the death agonies, none ever to see
the sun in this world again, or to learn on earth that the religion
called the Christian faith, which those white intruders came to
spread, was not the religion of a demon more vile than any their
untaught imaginings had ever dared portray.
A poor mother's despairing wail over her mortally wounded child,
had been the slight spark needed to rekindle the blind rage of the
Spanish soldiers. A soldier had held a crucifix before the infant's
dying eyes, and the mother, fearing fresh cruelties, had wildly
dashed it from the man's hand. That was more than provocation
enough for gold-seekers who salved their greed for wealth and fame
with the plea, that their journeyings were to widen the limits of
Christ's kingdom.
Scarcely had the crucifix fallen to the ground ere the murdered
woman fell beside it. Many a dead body had the man to move the
following day ere he recovered the treasured symbol of an immortal
love. All that night the leader of the expedition knelt, alone, in prayer.
All that night Montoro de Diego lay praying, faint and weak from loss
of blood, shed at the commencement of the hideous fray in the vain
effort to arrest the massacre. Never, so long as Montoro lived, did he
hear the name of the little town of Caonao without a shudder, never
did he remember the sounds of those women's wails, the sounds of
those children's cries of dying agony, without a moan escaping his
own lips, and a shivering horror overwhelming him that such things
should have been.
One day for a day of burial, and then, in a solemn hush as though a
funeral cortége, or a train of vanquished fugitives, the expedition
formed again for marching, and retraced its steps to St. Jago.
Montoro made one attempt to cheer his friend, but the soothing
words were hurriedly put aside.
"Nay, nay, Diego. Speak not to me of comfort in our shame and bitter
affliction. I came forth confident in my own strength, in my own
power to rule man and to guide those under me in the ways of
peace, and the Lord of Hosts has thus humbled my
presumptuousness in the dust. Speak not to me of comfort; there is
none save in prayer."
CHAPTER XXI.
THE PATRIOT CACIQUE HATUEY.
The march back to the Cuban seat of government was made more
rapidly than the march out had been. Then, all had been gaiety and
brightness. A band of picked men under a favourite and joyous-
natured leader, peace and good-will for their motto, and friendly
natives hovering ever around them as they journeyed, to turn each
day into one of pleasant feastings.
Now the leader had but stern, grief-stricken eyes to turn upon those
under his command, and the men walked on bowed with a sense of
well-merited disgrace. Few and far between were the offerings made
to them now, and those were bestowed with trembling hands, and
countenances marked by abject terror. None of the circumstances of
the homeward way tempted the explorers to linger.
But full as was the generous-hearted Montoro's cup of sorrow, it was
not yet so full but that it was to be called upon to hold more, even to
overflowing.
The shadows of the marching men were beginning to lengthen as
they moved along, as though the shades had learnt the art of
deception with each hour of the growing day, and wished to startle
the whole race of earth's crawlers, beetles, snakes, worms, and their
fellows, with the semblance of an oncoming race of giants. The air
was full of humming insects, quivering heat, and the rich scent of
leaves and flowers.
The Spaniards stepped onwards slowly. They were near the end of
their journey now, and their eyes were tired with gazing at that
"Landscape winking through the heat."
A hot shimmer over all things, such as Tennyson had never seen
when he wrote a line which almost makes one feel warm even on a
cold winter's day.
Montoro was feeling depressed and weary, and sentiments of
gladness and regret were pretty equally mingled in his breast as he
saw the various roofs close before him of the newly-founded town of
St. Jago. But personal sorrow cannot be indulged by leaders.
"Put your best feet forward, my friends," cried Bartholomew Las
Casas at this moment. However bitterly he might grieve over recent
occurrences, there was still sufficient of the spirit of the commander
in him to rebel against the notion of reappearing before Velasquez,
Cortes, and the rest of their fellow-adventurers, like a company of
whipped dogs; but he need not have troubled himself, for an event
was taking place at that hour in St. Jago that absorbed all interests.
Hatuey, the Cacique of Hispaniola—Hatuey, the noble, untutored
patriot—had been taken prisoner whilst fighting his last battles for
freedom and his country, and Hatuey was adjudged to suffer as a
rebel! He was to be made an example of, so the Governor declared
—to be the scarecrow to frighten all others of his race and the
surrounding nations from daring to perform one of the most sacred
duties of mankind. The Spaniards acknowledged it to be so for
themselves; but then—Hatuey was a heathen, and had refused to be
forced into Christianity at the point of the sword.
Las Casas, Montoro, and their followers were close to the town when
Montoro de Diego was suddenly almost thrown to the ground by an
Indian woman, who flung herself before him with a wild, heart-
rending cry, and clasped his knees convulsively.
Already Diego had become known on the island as a friend of the
friendless, an eager helper of the helpless, and this poor, despairing
creature had been on the look-out for him, during the past hours of
that day, with a gnawing agony of longing that had made the hours
seem like weeks. He was her last hope, and now, catching sight of