This week at the AWS re:Invent 2014 conference in Las Vegas, Amazon Web Services announced three new services designed to provide enterprise customers with additional security, governance, and compliance solutions for their resources deployed in the AWS Cloud.
Kicking off the list of new offerings is AWS Key Management Service, a fully managed service that lets customers create and manage encryption keys used to encrypt their data on the AWS Cloud. The service enables developers encrypt data with one click in the AWS Management Console, or by using the AWS SDK to add encryption to their application code.
The Key Management Service logs key usage information and feeds an audit trail into AWS CloudTrail for customers to use for compliance and regulatory requirements, and integrates with other AWS services including its Amazon S3s storage solution, Amazon Elastic Block Store, Amazon Relational Database Service, and Amazon Redshift.
An SDK is also provided for integration into a customer’s own applications.
Hardware Security Modules (HSMs) are used to protect the security of customer keys, the company said.
“More enterprises are moving data to the cloud and they expect the same degree of security as if data were on premises,” said Ojas Rege, Vice President Strategy at MobileIron. “AWS Key Management Service provides protection for and management of encryption keys which allows us to develop a cloud services architecture that assures corporate data remains safeguarded as securely as in an on-premises, TPM-protected environment.”
Amazon also launched AWS Config, a managed service that provides customers with visibility into their AWS resources and associated relationships. AWS Config provides audit resource configuration history, and notifies customers of resource configuration changes.
“AWS Config continuously records changes to the configuration attributes of a customer’s AWS resources, such as security group settings, or the value tags on Amazon EC2 instances,” Amazon explained. “Administrators get this information in a continuous stream, and they can view a full history and review configuration change impact across resources to support security analysis, compliance auditing, and troubleshooting efforts.”
“As our customers move larger portions of their applications to the AWS Cloud, they need more than just robust, highly secure infrastructure services. They’ve asked us for tools to help them fortify the landscape around their core services and ensure that they are deploying what they intend, governing their resources, and implementing security best-practices,” said Scott Wiltamuth, Vice President, Developer Productivity and Tools, Amazon Web Services.
“To address these needs, AWS Key Management Service, AWS Config, and AWS Service Catalog help customers manage encryption and compliance efforts so they can understand, control, and audit how their resources are being deployed, who is accessing them, and what activities and usage is happening within their environments,” Wiltamuth added.
Rounding out the product announcements, Amazon also announced AWS Service Catalog, a solution soon to be launched that will let administrators create and share catalogs of customized “products” that incorporate company-approved standard architectures and configurations. With AWS Service Catalog, administrators can set policies to help them meet their requirements, such as limiting how many times an application can be used in order to maintain licensing compliance, Amazon explained.
“We wanted more detailed visibility into resource configurations and how these configurations change so we can detect misconfigurations quickly, yet maintain developer productivity in the cloud,” said Mike Capone, Chief Operating Officer, Medidata Solutions. “AWS Config addresses these needs for us. The visibility we get with AWS Config improves our overall governance and compliance posture on AWS.”
Customers can access AWS Key Management Service using the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDKs.
AWS Key Management Service is initially available in select data centers globally. AWS Service Catalog will be available in early 2015 and AWS Config is currently available in preview.
More information on the new enterprise-focused offerings is available online.
