Serverless computing broke the assumptions security was built on. A function may exist for 200 milliseconds, scale to thousands of instances, then vanish — there is no long-lived server to put a firewall in front of, no static IP to write a rule against. Segmenting that requires controls as ephemeral as the workload.

Zscaler, Inc.'s US11792194B2, “Microsegmentation for serverless computing” (issued October 17, 2023; CPC H04L 63/101 — access control lists, and H04L 63/0263 — firewall rule-set management), describes microsegmentation adapted to serverless.

Mechanically, the system isolates functions by identity and policy: by what they are and what they are allowed to talk to, rather than where they run, because “where” is meaningless for something that exists for a heartbeat. Segmentation follows the workload's identity, computed and enforced as fast as the function appears.
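To make the contrast concrete, here is an added sketch (not code from the patent or from Zscaler) that evaluates the same default-deny allow list keyed two ways: by source IP and by workload identity. The identity scheme (function name, execution role, hash of the deployed package) and every name and address in it are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Invocation:
    function_name: str
    role: str        # execution role the function runs as
    code: bytes      # deployed package contents
    source_ip: str   # ephemeral address, different on every cold start

def workload_identity(inv: Invocation) -> str:
    """Assumed identity scheme: name + role + hash of the deployed code."""
    digest = hashlib.sha256(inv.code).hexdigest()[:16]
    return f"{inv.function_name}/{inv.role}/{digest}"

class AllowList:
    """Default-deny allow list of (source key, destination) pairs."""
    def __init__(self, key):
        self._key = key          # how a source is named: by IP or by identity
        self._pairs = set()
    def allow(self, source_key: str, destination: str) -> None:
        self._pairs.add((source_key, destination))
    def permits(self, inv: Invocation, destination: str) -> bool:
        return (self._key(inv), destination) in self._pairs

def compare():
    # Constructed sample data: two instances of one function, one altered package.
    good = b"def handler(event): return charge(event)"
    first = Invocation("billing-fn", "billing-role", good, "10.0.3.17")
    later = Invocation("billing-fn", "billing-role", good, "10.0.9.201")
    altered = Invocation("billing-fn", "billing-role", good + b"#x", "10.0.3.17")

    ip_acl = AllowList(lambda inv: inv.source_ip)
    ip_acl.allow(first.source_ip, "payments-db")   # rule written against one instance
    id_policy = AllowList(workload_identity)
    id_policy.allow(workload_identity(first), "payments-db")

    rows = {}
    for name, inv in (("first", first), ("later", later), ("altered", altered)):
        rows[name] = (ip_acl.permits(inv, "payments-db"),
                      id_policy.permits(inv, "payments-db"))
    return rows

if __name__ == "__main__":
    for name, (by_ip, by_identity) in compare().items():
        print(f"{name:8} ip_acl={by_ip!s:5} identity_policy={by_identity}")
```

The later instance is blocked by the IP rule but allowed by identity, while the altered package that reuses the first address passes the IP rule and fails the identity check.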

Why this is a business story: Zscaler grew its microsegmentation capability partly through its 2021 acquisition of Edgewise Networks, and extending segmentation to serverless is part of defending the cloud-workload-segmentation frontier against Illumio, Cisco, and the cloud providers' native tools. Serverless coverage is a forward bet — the workloads are still a minority of the estate, but securing them is exactly the kind of capability that keeps a platform ahead of where customers are heading.

The grounded read: serverless microsegmentation isolates functions by identity and policy because their location is too fleeting to control. Zscaler's 2023 grant names that approach — a forward position in the cloud-workload-segmentation race.