Amazon is taking steps to ease enterprises’ biggest concerns around moving to its AWS platform. During a keynote at its AWS re:Invent conference in Las Vegas yesterday, the company announced three new security and compliance services developed specifically for enterprise customers.
Enterprises have been reluctant to move “the number of workloads they really wanted to move” to the cloud and AWS because of security and compliance issues, said Andy Jassy, senior vice president of Amazon Web Services. “What we see as the new normal now is that security and compliance are becoming reasons that customers are moving to the cloud.”
After citing the numerous certifications and compliance programs that AWS has secured for its customers over the last few years, including SOC1, 2 and 3, HIPAA, FISMA, CSA and most recently, ISO 9001, Jassy announced the newest enterprise services.
1. AWS Key Management Services
“If you think about security, and customers that care deeply about the privacy and security of their data, those companies encrypt their data,” said Jassy. “And that’s why we developed a number of encryption solutions in AWS over the last several years.”
Described as encryption, key management and compliance made easy, the service, which Jassy announced is available now, allows users to encrypt in one click from the AWS management console, or through their SDK.
In making the announcement, he talked about the challenges customers voiced with previously available encryption options.
“We have some customers who are comfortable with us using the keys, and we have other customers who want to manage the keys themselves,” he said. “When you talk to customers about these solutions, they tell you there are a number of challenges no matter which way they go.”
While AWS-managed encryption is convenient and automated, customers have said they want more visibility and control. On the other hand, customers that manage their own encryption cite issues such as inconsistent key storage, difficulties with key rotation, and challenges with managing and auditing access and usage.
Notable features of the AWS Key Management Services offering include:
- Key security protected by HSMs
- Integration with AWS Services such as S3, EBS, RDS, and Redshift
- Highly available and durable
2. AWS Config
Jassy went on to introduce the next offering for enterprise compliance – AWS Config, a new resource dependency and auditing service that provides full visibility into all AWS resources. The service is in preview today.
Noting that a “vast majority of our enterprises are already adopting CloudTrail,” Amazon’s previously launched web service for improved governance that logs and tracks API calls made to AWS resources, he provided the motivation for the release:
“Customers want to know which resources they have in AWS, and how they’re related,” said Jassy. “And they want to be able to see what happens if they make changes for these resources that are part of various groups they’ve set up.”
He went on to talk about the shortcomings of configuration management database and IT service management services up until now.
“Traditional CMDB and ITIL solutions were built before the cloud came about. They really have a high emphasis on locking things down and making change hard,” he said.
“The primary value of the cloud is agility and speed,” he added. “You don’t want a toolset that prohibits you from taking advantage of the power of the cloud.”
3. AWS Service Catalog
Finally, for enterprises deploying or hoping to deploy large amounts of data to AWS, Amazon has introduced the AWS Service Catalog, which provides a standardized way for employees to deploy to AWS.
Citing Gartner’s statement that the “cornerstone of delivery automation is service and delivery automation,” Jassy said that service catalogs allow enterprise administrators to set up how they want resources deployed, who can deploy them, and provide access control along a lot of dimensions, as well as visibility.
“Not surprisingly, as so many enterprises are moving to AWS,” said Jassy, “we have heard repeatedly from our customers, ‘We would love a Service Catalog.’”
Enter the AWS Service Catalog, coming in early 2015.
“This will allow enterprise administrators to create portfolios of products, set them up in the configuration that they want them deployed, and they can make them easily discoverable for employees at their company on a portal that they host,” he explained.
“It also allows them to have fine-grain access control,” he said, adding that administrators can have access control on the individual, the group, the department, or on the cost centers so that they can meet the compliance needs they have in different businesses – all with strong visibility, as activity is tracked in AWS CloudTrail.
All new services announced are supported by Amazon’s Partner Ecosystem so that customers can use the same tool chain they’re used to using, said Jassy.
Significant Services for Enterprises
Wrapping up this portion of the keynote, Jassy recounted the significance of these three new services to enterprise customers.
“What we’ve found is that over the last year or two, what our customers have said is, ‘Look, I get that the individual building block infrastructure services are secure. But you have to help me find a way to make my organization secure around those services and how they use those services,’” concluded Jassy.
“So, giving customers a better way to do key management encryption, full visibility into their resources, the dependencies to those resources, and any changes to those resources, and a standardized way that they deploy AWS is really important to our customers, and that’s why we provided these three services.”