Cloud Security

Amazon Web Services Adds New Enterprise Security and Governance Solutions

This week at the AWS re:Invent 2014 conference in Las Vegas, Amazon Web Services announced three new services designed to provide enterprise customers with additional security, governance, and compliance solutions for their resources deployed in the AWS Cloud.

Kicking off the list of new offerings is AWS Key Management Service, a fully managed service that lets customers create and manage encryption keys used to encrypt their data on the AWS Cloud. The service enables developers to encrypt data with one click in the AWS Management Console, or by using the AWS SDK to add encryption to their application code.

The Key Management Service logs key usage information and feeds an audit trail into AWS CloudTrail for customers to use for compliance and regulatory requirements, and integrates with other AWS services including its Amazon S3 storage solution, Amazon Elastic Block Store, Amazon Relational Database Service, and Amazon Redshift.

An SDK is also provided for integration into a customer’s own applications.

Hardware Security Modules (HSMs) are used to protect the security of customer keys, the company said.

“More enterprises are moving data to the cloud and they expect the same degree of security as if data were on premises,” said Ojas Rege, Vice President Strategy at MobileIron. “AWS Key Management Service provides protection for and management of encryption keys which allows us to develop a cloud services architecture that assures corporate data remains safeguarded as securely as in an on-premises, TPM-protected environment.”

Amazon also launched AWS Config, a managed service that provides customers with visibility into their AWS resources and associated relationships. AWS Config provides resource configuration history for auditing, and notifies customers of resource configuration changes.

“AWS Config continuously records changes to the configuration attributes of a customer’s AWS resources, such as security group settings, or the value tags on Amazon EC2 instances,” Amazon explained. “Administrators get this information in a continuous stream, and they can view a full history and review configuration change impact across resources to support security analysis, compliance auditing, and troubleshooting efforts.”

“As our customers move larger portions of their applications to the AWS Cloud, they need more than just robust, highly secure infrastructure services. They’ve asked us for tools to help them fortify the landscape around their core services and ensure that they are deploying what they intend, governing their resources, and implementing security best-practices,” said Scott Wiltamuth, Vice President, Developer Productivity and Tools, Amazon Web Services.

“To address these needs, AWS Key Management Service, AWS Config, and AWS Service Catalog help customers manage encryption and compliance efforts so they can understand, control, and audit how their resources are being deployed, who is accessing them, and what activities and usage is happening within their environments,” Wiltamuth added.

Rounding out the product announcements, Amazon also announced AWS Service Catalog, a solution soon to be launched that will let administrators create and share catalogs of customized “products” that incorporate company-approved standard architectures and configurations. With AWS Service Catalog, administrators can set policies to help them meet their requirements, such as limiting how many times an application can be used in order to maintain licensing compliance, Amazon explained.

“We wanted more detailed visibility into resource configurations and how these configurations change so we can detect misconfigurations quickly, yet maintain developer productivity in the cloud,” said Mike Capone, Chief Operating Officer, Medidata Solutions. “AWS Config addresses these needs for us. The visibility we get with AWS Config improves our overall governance and compliance posture on AWS.”

Customers can access AWS Key Management Service using the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDKs.

AWS Key Management Service is initially available in select data centers globally. AWS Service Catalog will be available in early 2015 and AWS Config is currently available in preview.

More information on the new enterprise-focused offerings is available online.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
