Amazon looks to move security appliances to the cloud, says CISO

Moving intrusion detection and prevention systems to the cloud will help mitigate denial-of-service attacks, according to Amazon

Amazon Web Services (AWS) is looking to expand its security offerings with hosted intrusion protection appliances and more extensive encryption features, as it looks to increase the level of protection users can get in its cloud.

For Amazon, proving its cloud computing platform can offer the same level of security as traditional hardware and software has been an ongoing challenge.

That it's difficult for companies to meet their existing security requirements in the cloud is a common misconception, according to Stephen Schmidt, chief information security officer at Amazon Web Services.

"For example, they are concerned about access control; network perimeter device control; and the ability to construct networks in ways that are consistent with their particular compliance or enforcement requirements. In most cases we find that not only can they do what they are doing right now in the cloud, but have more granular controls," Schmidt said.

There is also a misconception about separation of computing resources in the cloud, according to Schmidt.

"Some people have written academic papers that say it is theoretically possible to, for instance, have maybe a side-channel between hypervisors ... where you could pass information between virtual machines. The important thing about that is that those are academic papers set in a laboratory environment, as opposed to in the real world," Schmidt said.

The Virtual Private Cloud service, which lets users configure a logically isolated section of Amazon's cloud, completely negates that threat, according to Schmidt.

The company is now working with partners to let enterprises move security appliances to the cloud, including virtual appliances for intrusion detection and prevention. The move to the cloud will be a boon for enterprises that are concerned about denial-of-service attacks that rely on consuming a lot of bandwidth, according to Schmidt.

"Obviously individual companies can't afford to have the kind of connectivity to the Internet that we can. Furthermore, they don't necessarily have the network expertise to mitigate large scale attacks whereas we do," he said.

Amazon will also expand the ways encryption can be used to help protect information.

"I think in the short term you'll see us enabling encryption on smaller and more granular pieces of data," Schmidt said.

Amazon's road to improve encryption functionality has already started with the recent addition of Oracle Transparent Data Encryption to its Relational Database Service (RDS), and with the introduction of CloudHSM, a service that uses a separate appliance to protect cryptographic keys used for encryption.

"You can see there is a theme here. Give the customers the tools to create an encryption infrastructure that allows them to ensure only the people they want to, whether it's in their organization or ours, have access to that data," Schmidt said.

A key part of Amazon's security efforts has been getting various kinds of certifications.

"For some industries it is an absolute must-have. For instance, for Amazon.com to move onto AWS we had to be PCI compliant, because of the credit card transaction volumes. For U.S. government organizations to move into AWS, we had to be compliant with their rules and regimes and for the U.K. government we had to be compliant with theirs," Schmidt said.

For organizations where compliance isn't a must, certifications such as ISO 27001 still work as a way for them to understand how Amazon practises security, according to Schmidt.

One certification Amazon is still working on is Federal Risk and Authorization Management Program (FedRAMP), a government program that aims to standardize security assessment, authorization, and continuous monitoring for cloud services, according to Amazon.

"It is an evolving process. The U.S. government hasn't quite decided what it wants to do with FedRAMP, and it keeps changing some of the evaluation criteria, but hopefully that will be settled soon because we are really looking forward to that one," Schmidt said.

Government organizations and agencies can rely on FedRAMP instead of doing their own evaluations, resulting in cost savings and uniform evaluations. Today some organizations are more capable of performing a good review than others are, but the FedRAMP program will iron out those differences and raise the security bar across the government space, according to Schmidt.

Mikael Ricknäs

IDG News Service