Las Vegas - One of the first breakout sessions at Amazon’s re:Invent cloud conference was an “AWS Security State of the Union” standing-room-only address by the company’s Chief Information Security Officer Steve Schmidt.
“Enterprise security is not where it needs to be,” Schmidt said in the opening moments of the presentation. Why? Because security in the cloud is hard. One of the biggest problems, Schmidt says, is that there is a lack of automation. With the products AWS launched at re:Invent this week, the company is attempting to change that.
+MORE AT NETWORK WORLD: Hottest products at AWS re:Invent | New service helps pull data into AWS from the Internet of Things +
One of the flagship new products is named Amazon Inspector, a security assessment tool that monitors a customers’ AWS environment and informs users of security vulnerabilities. “We collect, analyze and give a report of what we find,” Schmidt says. On the back end, Inspector integrates with a content library of security vulnerabilities and best practices.
Inspector will inform users if there are critical vulnerabilities in their environments and check for network security best practices. There are authentication guidelines and OS rules.
“We help you avoid things that are bad ideas in general and that are easy to fix,” Schmidt says.
Another example: It can track when an old password should be changed. Doing so makes it easier for customers to achieve compliance with accreditations like PCI or HIPPA.
Inspector is in preview now and available on Linux virtual machines.
Before re:Invent, AWS launched another security feature named Web Application Firewall. The service is meant to protect against SQL injection and other common security threats. It allows rules to be created dictating which type of traffic an app can allow, and which should be blocked.
AWS trotted out a variety of customers during the day one keynote to help dispel the fears of cloud security. First up was Capital One, one of the nation’s largest credit card and banking institutions. CIO Rob Alexander said the company has built a whole new mobile banking app that runs almost entirely in AWS’s cloud.
Capital One has worked closely with AWS to build a security model for their app that Alexander believes is as strong, if not stronger, than the security of the company’s data centers it operates. Doing so means that the company is downsizing its data centers – from eight in 2014 to only three by 2018.
Jim Fowler, CIO of General Electric, says his company’s move to embracing cloud computing is one of the most important transitions in the GE’s 140-year history.
“This is no longer an experiment, no longer a test,” he said. “We’re moving and we’re glad to have AWS be our partner.”