CloudCloud ManagementDatacentreIAASPAASServerVirtualisation

AWS Pitches UK Data Centres And Security Automation To Regulated Industries

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Follow on: Google +

AWS is stressing the security, privacy and compliance of its cloud services to target late adopters in regulated industries

Amazon Web Services (AWS) will offer its customers UK-based data centres either late this year or early 2017 as it seeks to attract latecomers to its cloud services.

Gavin Jackson, AWS managing director for UK and Ireland, said it was “bang on track” to deliver its UK region which TechWeekEurope understands could open any time between now and February.

Many of these firms are in regulated industries such as health and finance that need to control where their data is stored. Microsoft Azure and Google Cloud Platform (GCP) have also recognised the need for British Cloud regions as the importance of data-sovereignty increases.

And at AWS Summit in London this week, Amazon was very keen to stress the security of its platform.

Read More: Amazon CTO – We”ve always been a technology company

Securing the cloud

aws-summit-1“These regions are important constructs for us,” declared Stephen Schmidt, AWS CISO. “You have to tell us where to put [your data] and we don’t move it unless you tell us to.”

He said Amazon’s own security efforts added an additional benefit of scale for cloud adoption as customers could take advantage of its own investments and the constant updates applied to its platform which mean there is no reason why sensitive data could not be sent to the public cloud.

“Security professionals are inhibited because they are seen as a cost rather than an enabler,” he continued, adding that even free users have the same security protections as some of its largest customers.

“Don’t reinvent the wheel. You can take advantage of the fact that if you are a smaller customer, someone like Shell or BP has required us to set the bar quite high. Isn’t it wonderful to have a large security contingent like we have on your side?”

Schmidt spoke at length about the various management and visibility tools that AWS can provide customers with to manage their workloads, as well as its disaster recovery provisions and compliance.

“As a result of us being able to secure their information, many customers are going all-in for AWS,” he said.

Regulated view

Even though not all customers are going “all-in”, AWS did offer a number of customers in regulated industries that were moving some projects, such as development and testing, to the platform.

To illustrate his point, Ash Roots, director of digital at insurance firm Direct Line, was used as a customer example: “We believe [AWS] just as safe as the previous implementation we had, which is fantastic.”

“It’s hugely important they invest in security,” Marco Pera, global head of platform management at HSBC, told TechWeekEurope. “It’s true they take away some of the pains, but it’s not like the cloud is magic. You still have to invest in security of your applications because it’s your service at the end of the day.”

What type of cloud strategy does your organisation have?

View Results

Loading ... Loading ...

Human security and Automation

netflixHe said that to ensure the maximum levels of security, organisations needed to remove humans from processes as much as possible.

At AWS data centres, magnetometers check to see if employees have any storage that could contain files when they leave the facility and no one who has virtual access to the servers can have physical access.

Read More: AI and machine learning are the future of cybersecurity

Similarly, AWS advocates policy control so that certain people can only have access to resources and systems at a certain time. So for example, an engineer might only be able to use certain applications from his desktop computer during office hours.

“Perimeter defence is dead,” said Schmidt. “It’s necessary to reduce noise but it’s not an effective security control.”

In addition to encrypting everything, Schmidt believes automation is the future. Because humans make mistakes or can be corrupted, they are more easily compromised.

“I set a goal to aggressively reduce the number of staff that have access to data [at AWS]. I wanted an 80 percent reduction. [Automation] is a repetitive process that enforces certain behaviours across your user base. The number of times a customer says they ‘forgot’ to do something is astonishing.”

“If you automate actions that humans normally undertake you reduce error and you remove the ability for people like the Chinese government to steal credentials.”

Think you know all about Amazon Web Services? Try our quiz!