Amazon Web Services executives Tuesday announced internal and third-party features at AWS re:Inforce designed to provide customers with an expansive set of cloud security services at scale.
“It's entirely likely that we've handled 50 things for you this month that just happened and you had no idea that we were protecting you behind the scenes,” Amazon CSO Stephen Schmidt said. “At our scale, every outlier scenario that can happen does. I'm talking about the disproportionately hard to predict and rare events that are beyond the realm of normal expectations.”
The world’s largest cloud provider revamped its security competency program and added new partners to it, embedded layers of malware protection in its cloud security offerings, and extended security detection to its managed Kubernetes service.
AWS is acting as the central security advisor for its customers by choosing what to develop internally and selecting third-party vendors it deems best suited for tight integration with its platform.
“Do not let one line of defense be the entire equation. Security tools are always stronger when used as part of a holistic strategy,” Schmidt said. “Build your systems in a way that requires multiple things to go wrong for a bad outcome to occur.”
AWS buttresses security gaps with outside expertise
AWS’ security team tracks quadrillions of events every month, and that includes data from millions of customers. This, according to Schmidt, puts customers in a position to focus on immediate and specific security needs instead of anomalous activities that are constantly monitored by services built into AWS.
How this balance plays out in the shared responsibility model remains vague. Cloud customers are largely responsible for security around the cloud, while AWS assumes that burden for all activity within the confines of its infrastructure.
The company articulated a comprehensive vision for the cloud and cloud security, but AWS runs the risk of introducing so many products and services that the vision becomes confusing and fragmented, Curtis Franklin, senior analyst at Omdia, said via email.
“Amazon is coming closer to the point at which customers can have a complete, secure cloud platform using nothing but AWS offerings,” he said. “It’s not clear whether they’re going to be able to move beyond that point while still welcoming their partners to have a role in the customer environment.”
Therein lies AWS’ explicit desire to be the cloud of choice in multicloud environments, Franklin said. For now, AWS is leaving room for multiple validated partners to provide specialized security services for unique requirements.
AWS’ security strategy, as top executives explained at the event, is to strike a balance between providing embedded security capabilities that require minimal customer effort and linking customers with third-party vendors to fulfill specific needs.
“We want to assist customers in avoiding security jargon so they can pinpoint that third-party software needed to support them,” AWS CISO CJ Moses said during the keynote.