On the first day of its re:Invent conference, Amazon Web Services (AWS) announced Amazon One Enterprise, a new palm-based identity service that enables users to securely access both physical locations and digital assets.
Amazon One has been available for identification, payment, and entry at Whole Foods Market stores, but AWS is now expanding it to enterprises with Amazon One Enterprise.
The fully managed enterprise access control service can be used to enter secured offices, residential buildings, data centers, hotels, airports, and educational institutions, as well as for access to digital resources, such as HR records and financial data.
The Amazon One biometric identification device where users scan their palm can easily be installed by IT or security teams, with user and device management being done from the AWS console.
“Amazon One Enterprise combines palm and vein imagery for biometric matching and delivers an accuracy rate of 99.9999%, which exceeds the accuracy of other biometric alternatives — even more accurate than scanning two irises,” AWS explained.
“The new service’s palm-recognition technology uses advanced artificial intelligence and machine learning to create a palm signature that is associated with identification credentials like a badge, employee ID, or PIN. The palm signature is a unique numerical vector created from the user’s palm image that cannot be replicated or used for impersonation,” it added.
Amazon One Enterprise is currently available in preview in the United States and it’s already being used by several major organizations.
AWS announces new security features and capabilities
Just before the start of its re:Invent event, AWS announced several new security features and capabilities. This includes new AWS Control Tower controls designed to help organizations meet digital sovereignty requirements, which specify where data resides, where it flows, and who has control over it.
In the identity and access management (IAM) category, AWS announced two new features in IAM Access Analyzer: a new analyzer that continuously monitors users and roles for unused permissions, and custom policy checks that ensure new policies don’t grant unintended permissions.
In addition, Amazon EKS Pod Identity has been launched to simplify IAM permissions for applications on Elastic Kubernetes Service (EKS) clusters.
The cloud giant also announced Amazon GuardDuty ECS Runtime Monitoring, which is designed to detect runtime security issues in Elastic Container Service (ECS) clusters.
The company also informed customers that Amazon Detective adds new capabilities to accelerate and improve cloud security investigations.