AWS Reveals New Services for Enterprise Security and Governance 

Amazon Web Services, Inc. (AWS) has announced three new services to make it even easier for enterprises to maintain security, governance, and compliance of their resources in the AWS Cloud. AWS Key Management Service is a fully managed service that makes it easy for customers to create and control the encryption keys used to encrypt their data on the AWS Cloud. AWS Config is a fully managed service that provides customers with full visibility into their AWS resources and associated relationships, lets them audit resource configuration history, and notifies them of resource configuration changes. AWS Service Catalog allows enterprise administrators to select what AWS resources they want their employees deploying, in what configurations, who has access to each of these options, and then makes them discoverable to their employees via a personalized portal.

Enterprises are increasingly moving the majority of their applications to the cloud, and need visibility and control over their resources in order to have the requisite governance and compliance abilities. AWS CloudTrail (API logging service), Amazon CloudWatch (fine-grained monitoring and alarming service), and AWS Trusted Advisor (proactive help for customers on how they can be better optimized on AWS) provide customers with visibility and control capabilities; but enterprises want easier ways to manage encryption, more details on configurations, and methods to govern employees’ use of IT resources. Today, enterprises have to invest a lot of time, effort, and budget into maintaining this security, governance, and compliance, taking attention away from their core business. With AWS Key Management Service, AWS Config, and AWS Service Catalog, enterprise customers have new AWS Cloud services to easily and cost-effectively manage their infrastructure.

Encryption made easy with AWS Key Management Service

AWS Key Management Service lets developers encrypt data with one click in the AWS Management Console, or by using the AWS SDK to add encryption to their application code. It provides a single place for administrators to create, disable, and view keys, allowing them to define usage policies and set up automatic enforced key rotation. AWS Key Management Service logs all key usage information, feeding an audit trail into AWS CloudTrail for customers to use in meeting compliance and regulatory requirements. AWS Key Management Service provides seamless integration with services like Amazon Simple Storage Service (Amazon S3), Amazon Elastic Block Store (Amazon EBS), Amazon Relational Database Service (Amazon RDS), and Amazon Redshift, along with a simple SDK for integration into a customer’s own applications. It uses Hardware Security Modules (HSMs) to protect the security of customer keys.

“As our customers move larger portions of their applications to the AWS Cloud, they need more than just robust, highly secure infrastructure services. They’ve asked us for tools to help them fortify the landscape around their core services and ensure that they are deploying what they intend, governing their resources, and implementing security best-practices,” said Scott Wiltamuth, Vice President, Developer Productivity and Tools, Amazon Web Services. “To address these needs, AWS Key Management Service, AWS Config, and AWS Service Catalog help customers manage encryption and compliance efforts so they can understand, control, and audit how their resources are being deployed, who is accessing them, and what activities and usage is happening within their environments.”

Visibility into AWS resources with AWS Config

AWS Config provides customers with full visibility into all of their AWS resources, and the relationships between application infrastructure components, so they can understand and evaluate the impact of changes to their environment. AWS Config continuously records changes to the configuration attributes of a customer’s AWS resources, such as security group settings, or the value tags on Amazon EC2 instances. Administrators get this information in a continuous stream, and they can view a full history and review configuration change impact across resources to support security analysis, compliance auditing, and troubleshooting efforts. AWS Config is available in preview today.

AWS Service Catalog

AWS Service Catalog will enable administrators to create and share catalogs of customized “products” that incorporate company-approved standard architectures and configurations. Administrators can employ access controls by individual, group, department, or cost center, giving them fine-grained control over who is allowed to use a given application. With AWS Service Catalog, administrators can set policies to help them meet their requirements, such as limiting how many times an application can be used in order to maintain licensing compliance. Administrators make these catalogs of approved products available to employees via a self-service Web portal. AWS Service Catalog logs all usage in AWS CloudTrail so that administrators can review, report, and confirm compliance. AWS Service Catalog will be available in early 2015.

Informatica is a leading provider of enterprise data integration software. “Maintaining the security of Informatica’s customers’ data is critical for us,” said Nitin Agarwal, Information Security Architect, Informatica. “AWS Key Management Service makes it easy for Informatica to implement good security practices around data protection, no matter where it resides. The AWS solution helps to provide secure data integration service forInformatica products and our customers.”

MobileIron is the leader in Enterprise Mobility Management and provides the foundation for companies around the world to secure mobile applications, content, and devices. “More enterprises are moving data to the cloud and they expect the same degree of security as if data were on premises,” said Ojas Rege, Vice President Strategy, MobileIron. “AWS Key Management Service provides protection for and management of encryption keys which allows us to develop a cloud services architecture that assures corporate data remains safeguarded as securely as in an on-premises, TPM-protected environment.”

Medidata delivers a cloud platform with innovative technology and data analytics that is transforming clinical development. “We wanted more detailed visibility into resource configurations and how these configurations change so we can detect misconfigurations quickly, yet maintain developer productivity in the cloud,” said Mike Capone, Chief Operating Officer, Medidata Solutions. “AWS Config addresses these needs for us. The visibility we get with AWS Config improves our overall governance and compliance posture on AWS.”