Amazon Web Services Inc. continues its staggering growth and runaway momentum in the global cloud market. At its sixth annual re:Invent conference last week in Las Vegas, AWS Chief Executive Andy Jassy said that in the past year its revenue rose 42 percent to an annual run rate of $18 billion. It now has millions of active customers, ranging from successful startups that have built business from scratch on AWS to large private sector, government, academic and other customers in every vertical.
One of the key messages heard by the nearly 45,000 attendees was that data security is an area of focus and innovation for AWS. From a threat detection service to a data discovery, classification and protection service powered by machine learning, Amazon touted several new and recently announced offerings intended to make business users feel more comfortable about securely using its popular cloud computing platform.
The Protegrity team members who attended re:Invent have come back to work thoroughly impressed by what they saw and heard. Here are some their highlights:
“AWS is SERIOUS about security,” said Vincent Lam, Global Head of Corporate Marketing at Protegrity. “It’s not an afterthought and they’ve been moving to incorporate it seamlessly into their services and platforms out of the box. They’ve already put server side encryption capabilities into 43 of their services (S3, EBS, RDS, Redshift, etc.) and will have most of the rest of their services integrated with server-side encryption by the end of 2018.”
Despite these efforts, some AWS clients haven’t taken advantage of all the build in security controls and continue to leave sensitive data exposed due to misconfigured S3 cloud storage buckets. That’s why last month they rolled out a series of new security features to its AWS S3 cloud storage service, including encryption by default.
At re:Invent, AWS highlighted two additional offerings, Amazon GuardDuty and Amazon Macie. GuardDuty is a fully managed intelligent threat detection service that helps customers protect their AWS accounts and workloads by continuously monitoring account activity for malicious or unauthorized behavior. Macie is a security service that uses machine learning to help customers prevent data loss by automatically discovering, classifying, and protecting sensitive data in AWS.
It’s no secret that momentum for AWS is being driven by users adopting public cloud for their core, mission-critical applications and workloads. Many AWS clients provided case studies during keynote presentations and breakout session. Of interest to the Protegrity team was Goldman Sachs, who was bullish on moving to the cloud and found AWS to be a terrific partner, despite having initial concerns around control of the computing environment and data security.
“Large financial firms — typically stodgy, full of regulations, and entrenched on mainframe environments — are opening up to the cloud,” said Lam. “If Goldman Sachs is actively doing this, others will surely follow.”
Despite so many new product announcements in the area of security, even Amazon CTO Werner Vogels admitted that AWS can’t do it all, saying that security is everybody’s job – from AWS to clients to partner ISVs. Of course, AWS gives clients out of the box encryption for practically all its services now. “You have no excuse for not encrypting EVERYTHING,” said Vogels.
They also fully support customers providing their own infrastructure for security. Client side or server side integration is available to integrate key management and encryption along with governance and self-service tools from AWS. This provides a number of options depending on what clients favor.
Third party partner solutions also have a role to play. AWS introduced Privatelink, which allows partners to create secure networked services between AWS and on-premise networks. “Essentially, they’ve created a complete ecosystem consisting of AWS products and services, a marketplace for third party solutions, and clients’ own in-house resources.”
Using AWS-provided encryption and key management tools – while a great first step — may not provide the risk mitigation necessary to respond to today’s internal and external threats. Using this kind of inflexible, all-or-nothing approach to data protection also may limit the usability of the data as it flows between applications, business processes, and users.
That’s why Protegrity provides a Data Security Platform that systematically overcomes the people, process, and technology challenges faced by IT leaders in an increasingly complex cloud data ecosystem, including AWS. The Protegrity Data Security Gateway for Amazon S3 Package or the Protegrity Big Data Protector for Amazon EMR Package enhances the level of security on your most sensitive data quickly and easily. These solutions:
In addition, Protegrity solutions are developed and supported by a passionate team of data security experts like Vincent Lam and Sunil Sabat, Director of Product Management, who both passed the AWS certification exam while at re:Invent and are now certified Amazon Cloud Practitioners.
Please visit Protegrity’s AWS solutions page to learn how to better protect your Amazon Web Services platform.