---
title: "The Most Secure Server is the One that Does Not Exist"
description: "Uncover how the most secure web server is one that does not exist! Learn what to use in place of a server to continue serving the best web experiences."
source: "https://www.netlify.com/blog/what-makes-the-most-secure-server/"
last_updated: "2026-07-14T18:51:03.000Z"
---
When serving content on the web, it is incredibly important that the hosting solution used is suitably secured against compromise and attack. This is true no matter the size and budget of a project because vulnerable servers exposed to the public internet pose a risk not only to the owners and users of the websites they serve, but also to everybody else in the event that they become compromised and a tool for abuse. Large project or small, security matters.

This can add significant friction and overheads to the effort of anyone getting a website online. From hobbyists and casual developers working on side projects, to large high-profile brands, it can become a huge burden of cost, effort, and complexity as profile, exposure and potential risk increase.

## How to make our web server more secure

One method of helping to reduce the risk profile of a web project is to remove potentially vulnerable infrastructure from its architecture. That sounds like a dramatic and difficult move. But is it?

## How Netlify helps secure a stack by simplifying it

When Netlify was first founded, at our core was an architectural model of pre-generating the site’s assets in advance, and then deploying those built assets to a read-only, high-performance, distributed content delivery network (our CDN). This architecture was not new. In fact, in many ways, it was a return to some of the earliest tried-and-tested models for serving content on the web. What _was_ new were the workflows and automations made possible by formalizing underlying commonalities and characteristics shared by good architectures, and building tooling to facilitate the best practices.

This approach embodied what was to become known as [Jamstack](https://www.netlify.com/jamstack/), where developers and administrators could focus on the development of assets to be predictably and reliably delivered from a hosting environment that they themselves would not need to touch or to secure.

The need for an active, persistent application server had been abstracted away. Replaced instead with ephemeral, containerized build servers (affectionately referred to by the team at Netlify as our “build bot”).

The site’s active server, exposed to the public internet, was gone. And with it the burden of securing it, and the risk of getting that wrong at some point during its entire life — a huge upside.

## Beyond read-only

Of course, not every website will be useful if it can only serve content without customizing it for the visitor, or accept user feedback, or allow transactions. (Loads can though. Seriously, LOADS! And we should think about that carefully when planning how we build things… but that’s a soapbox for another day).

The idea of pre-generating assets and then serving them in a read-only format was sometimes misunderstood to mean that the experience possible was a read-only, static experience. Luckily, not so.

Browser APIs and their support for client-side JavaScript can do incredible things. JavaScript can be used to power some very interactive and engaging experiences in sites, stores, and apps.

This does not mean that the best approach is always to bundle up all application logic into JavaScript and pump it down the wires to our site user’s devices. We should use JavaScript with great discretion and precision. Wielding it like a scalpel, rather than a sword. I’m a big fan of [Progressive Enhancement](https://en.wikipedia.org/wiki/Progressive_enhancement), where we establish a viable baseline of functionality without JavaScript, then gradually layer on interface complexity and capabilities where the technologies and features are found to be available in whatever browser or client is being used to consume the application.

Likewise, I’m a firm believer in the importance of the [Principal of Least Power](https://www.w3.org/2001/tag/doc/leastPower.html) (derived from [Occam’s Razor](https://en.wikipedia.org/wiki/Occam%27s_razor)), which ”suggests choosing the least powerful language suitable for a given purpose.” ([Tim Berners-Lee, W3C](https://www.w3.org/2001/tag/doc/leastPower.html)).

We should increase complexity when the situation demands it, not by default.

Eventually though, _some_ use cases will be best served by tooling and logic executed on a server. Or at least, not in the client. But where?

## Bye-bye web server, hello serverless runtimes

The tools available to web developers have continued to evolve. In 2018, we introduced [Netlify Functions](https://www.netlify.com/platform/core/functions/) to enable developers to develop and deploy serverless functions using the same git-based developer workflow as they had come to rely on for the rest of their code. In time, this has expanded to include other forms of serverless runtimes such as [Scheduled Functions](https://www.netlify.com/platform/core/functions/), [Background Functions](https://www.netlify.com/platform/core/functions/), [On-demand Builders](https://www.netlify.com/platform/core/build/), and [Edge Functions](https://www.netlify.com/platform/core/edge/#edge-functions).

These tools all added more possibilities and expanded on the core model which had become popularized as Jamstack. They seem to blur the edges of the definition and the conceptual model that initially felt blissfully simple. But they share something important — an attribute which is core to the original Jamstack approach and that brings some of the greatest benefits.

None of them introduce the concept of a server into the developer’s remit.

![Serverless runtimes delivered by Netlify through the same workflow as other build assets](https://cdn.sanity.io/images/o0o2tn5x/production/90eaeb00b10bcd55c97f237a1d259396635c7ea6-3626x1804.png)

_Serverless runtimes delivered by Netlify through the same workflow as other build assets_

We now get to enjoy the possibilities from being able to build and deploy not only frontend assets, but also the APIs and service layers to drive our websites and apps. To deliver logic to the very edges of the network to be executed close to the users at request time to adapt, augment, and enhance their requests and responses. To perform scheduled and long-running processes and batch jobs.

All of this without adding a server for developers and systems teams to secure and maintain.

As Occam’s Razor and the Principal of Least Power teaches us, we benefit when we can avoid adding unnecessary complexity. The absence of an application server means that we needn’t take on the responsibility of its uptime, load-balancing, code-replication, content-replication, software updates or security patches. It doesn’t exist.

And nothing is as secure as the server that does not exist.

## More about security at Netlify

To learn more about how Netlify can improve the security profile of your sites, stores, and apps, explore these resources:

-   [Netlify Bolsters Enterprise-Level Security of its Platform with ISO 27001 Certification](https://www.netlify.com/press/bolsters-enterprise-level-security-achieving-iso-27001/)
-   [Netlify’s Commitment to Security Transparency](https://www.netlify.com/blog/our-commitment-to-security-transparency/)
-   [Behind the Scenes: Why Netlify Engineering Uses GitHub Advanced Security](https://www.netlify.com/blog/github-advanced-security-sast/)

And check out this free webinar:

-   [Security in a Composable World](https://www.netlify.com/resources/webinars/security-and-the-composable-web/)

### Share

-   [X (fka Twitter)](https://twitter.com/intent/tweet?text=The Most Secure Server is the One that Does Not Exist&url=https://www.netlify.com/blog/what-makes-the-most-secure-server/)
-   [LinkedIn](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.netlify.com%2Fblog%2Fwhat-makes-the-most-secure-server%2F)
-   [Facebook](https://www.facebook.com/sharer.php?u=https://www.netlify.com/blog/what-makes-the-most-secure-server/)
-   [Bluesky](https://bsky.app/intent/compose?text=The Most Secure Server is the One that Does Not Exist+https://www.netlify.com/blog/what-makes-the-most-secure-server/)

* * *

### Tags

-   [Security](/blog/tags/security/)
-   [Architecture](/blog/tags/architecture/)

## Keep reading

![](/_astro/e08f4904019bbe191064b938b452670257b646ec-1200x675_Z142Kqo.webp)

News & Announcements February 22, 2023

[

### Announcing SSO with SAML for Enterprise-scale Security

](/blog/sso-with-saml)

-   ![Profile picture of Matt Rinehart](/_astro/30d599d9120c3ab044c069ac97d6912176358751-1279x1272_Z15TmXq.webp)
    
    Matt Rinehart
    

![](/images/blog-fallback-thumbnail.svg)

News & Announcements August 23, 2022

[

### Our Latest Security Advancement: Netlify Achieves ISO 27001

](/blog/netlify-achieves-iso-27001-certification)

-   ![Profile picture of Mark Dorsi](/_astro/98c49c1fbc9a6a3cdf0528a6d9194a69fd35dea8-1367x1324_Z2VJaw.webp)
    
    Mark Dorsi
    

## Recent posts

News & Announcements July 14, 2026

[

### More headroom, a lower per-credit rate, and a bill you can predict: introducing new Pro plan tiers

](/blog/new-pro-plan-tiers)

-   ![Profile picture of Gehrig Kunz](/_astro/b4e9f58d914d1334ea70d53ea55a1f26b26f1445-512x512_17SwOI.webp)
    
    Gehrig Kunz
    

News & Announcements July 13, 2026

[

### Netlify inside of Claude Design

](/blog/netlify-inside-of-claude-design)

-   ![Profile picture of Sean Roberts](/_astro/bbf2243f8171dbddd80ab2103622106cef84d125-512x512_Z1d2LKE.webp)
    
    Sean Roberts
    

News & Announcements June 25, 2026

[

### Netlify Functions, designed for Agent Experience

](/blog/netlify-functions-designed-for-agent-experience)

-   ![Profile picture of Eduardo Bouças](/_astro/52958f21e8450baf6d8e60302341a984e220c0cd-512x512_13VDlu.webp)
    
    Eduardo Bouças
    

![](/_astro/3f255b372fa958df35802666ee33b4609b2d71bd-1200x1586_1VtE2D.webp)

### How do the best dev and marketing teams work together?

[Access the report](https://www.netlify.com/reports/2024-leadership-trend-report/access/)