Amazon Automates Cloud Security

Amazon is looking to make it easier for cloud operators to secure their services, with new tools for managing secrets, certificates, firewall policies and compliance data, introduced Wednesday.

Amazon Web Services Inc. announced the new services at the keynote address of its AWS Summit in San Francisco, delivered by CTO Werner Vogels. He issued a clarion call for developers to build security into the entire application process, and not just add security as an afterthought. Security, he said, is everybody's responsibility.

"If something happens at your company it's your doing as well. It's not just the security team's," Vogels said. "We all have to take responsibility if we want to build highly available secure applications."

AWS Secrets Manager is designed to automate creating, storing and managing secrets -- such as database credentials, passwords and API keys -- across an enterprise. Users can rotate secrets regularly to keep attackers at bay.

Randall Hunt, a senior technical evangelist at AWS, describes how Secrets Manager works in a post on the AWS blog. If you've used a password manager like LastPass or 1Password, AWS Secrets Manager looks like that, but for enterprise use rather than individual users. The service is available now, priced at $0.40 per month per secret and $0.05 per 10,000 API calls.

The company also launched AWS Certificate Manager, Private Certificate Authority, to allow developers to provision and manage certificates that are only available to users inside an organization.

AWS Firewall Manager is designed to allow enterprises to use multiple AWS accounts and host applications across regions while centralizing control over the organization's security settings and profile. The service provides policy enforcement across accounts and applications.

And AWS updated its AWS Config service to aggregate compliance data across accounts and regions. Users can view the aggregated data on a single dashboard, to improve governance and compliance.

AWS also introduced other updates to its services Wednesday.

The company rolled out new storage classes for S3 that are less expensive and less protected than other types, as well as general availability of S3 Select, which retrieves subsets of data from S3 objects using SQL expressions, with up to 400% performance improvements.

AWS launched general availability of its Transcribe transcription service and Translate translation service, which it introduced late last year in private preview. (See Google & Amazon Heat Up Machine Learning Rivalry.)

And it introduced new capabilities for its SageMaker machine learning platform.

— Mitch Wagner, Editor, Enterprise Cloud, Light Reading

Michelle 4/14/2018 | 1:22:12 PM
aka AWS Ministry of Secrets
This is an impressive addition to AWS features. Automating SSL certificates this way will be a big help to many, I'm sure. The linked tutorial makes it look super easy.
Phil_Britt 4/5/2018 | 9:41:51 PM
Re: 5G enterprise Use cases
You're right about the need to integrate with a company's own security. "Off the shelf" security isn't enough by itself.
HardenStance 4/5/2018 | 5:18:35 AM
5G enterprise Use cases
These guys can have a significant play in 5G security, particularly when it comes to putting together suites of optional security services to support new vertical industry use cases.

Security here will need to be an extension of - and map to/integrate with - an enterprise's existing IT security architecture rather than being handed down as some sort of greenfield proposition from a telco thinking and acting largely alone.

AWS is building capabilities that are relevant here. Telefonica already gets the partnership potential. Others too.