Amazon Automates Cloud Security
Amazon is looking to make it easier for cloud operators to secure their services, with new tools for managing secrets, certificates, firewall policies and compliance data, introduced Wednesday.
Amazon Web Services Inc. announced the new services at the keynote address of its AWS Summit in San Francisco, delivered by CTO Werner Vogels. He issued a clarion call for developers to build security into the entire application process, and not just add security as an afterthought. Security, he said, is everybody's responsibility.
"If something happens at your company it's your doing as well. It's not just the security team's," Vogels said. "We all have to take responsibility if we want to build highly available secure applications."
AWS Secrets Manager is designed to automates creating, storing and managing secrets -- such as database credentials, passwords and API Keys -- across an enterprise. Users can rotate secrets to change them regularly to keep attackers at bay.
Randall Hunt, a senior technical evangelist at AWS, describes how Secrets Manager works in a post on the AWS blog. If you've used a password manager like LastPass or 1Password, AWS Secrets Manager look like that, but for enterprise use rather than individual users. The service is available now, priced at $0.40 per month per secret and $0.05 per 10,000 API calls.
The company also launched AWS Certificate Manager, Private Certificate Authority, to allow developers to provision and manage certificates that are only available to users inside an organization.
AWS Firewall Manager is designed to allow enterprises to use multiple AWS accounts and host applications across regions while centralizing control over the organization's security settings and profile. The service provides policy enforcement across accounts and applications.
And AWS updated its AWS Config service to aggregate compliance data across accounts and regions. Users can view the aggregated data on a single dashboard, to improve governance and compliance.
AWS also introduced other updates to its services Wednesday.
The company rolled out new storage classes for S3, that are less expensive and less protected than other types, as well as general availability of S3 Select, to retrieve subsets of data from S3 objects using SQL expressions, with up to 400% performance improvements.
AWS launched general availability of its Transcribe transcription service and Translate translation service, which it introduced late last year in private preview. (See Google & Amazon Heat Up Machine Learning Rivalry.)
And it introduced new capabilities for its SageMaker machine learning platform.
- Cisco to Buy Skyport Systems for Cloud Security
- Cisco Debuts Security for 'Any Data Center & for Any Cloud'
- Amazon Scoops Up Sqrrl for Cloud Security
- Juniper Automates to Speed Up Security
- Cisco Plugs Encryption Hole in Network Security
— Mitch Wagner Editor, Enterprise Cloud, Light Reading