AWS Pitches UK Data Centres And Security Automation To Regulated Industries

Amazon Web Services (AWS) will offer its customers UK-based data centres either late this year or early 2017 as it seeks to attract latecomers to its cloud services.

Gavin Jackson, AWS managing director for UK and Ireland, said it was “bang on track” to deliver its UK region which TechWeekEurope understands could open any time between now and February.

Many of these firms are in regulated industries such as health and finance that need to control where their data is stored. Microsoft Azure and Google Cloud Platform (GCP) have also recognised the need for British Cloud regions as the importance of data-sovereignty increases.

And at AWS Summit in London this week, Amazon was very keen to stress the security of its platform.

Read More: Amazon CTO – We”ve always been a technology company

Securing the cloud

“These regions are important constructs for us,” declared Stephen Schmidt, AWS CISO. “You have to tell us where to put [your data] and we don’t move it unless you tell us to.”

He said Amazon’s own security efforts added an additional benefit of scale for cloud adoption as customers could take advantage of its own investments and the constant updates applied to its platform which mean there is no reason why sensitive data could not be sent to the public cloud.

“Security professionals are inhibited because they are seen as a cost rather than an enabler,” he continued, adding that even free users have the same security protections as some of its largest customers.

“Don’t reinvent the wheel. You can take advantage of the fact that if you are a smaller customer, someone like Shell or BP has required us to set the bar quite high. Isn’t it wonderful to have a large security contingent like we have on your side?”

Schmidt spoke at length about the various management and visibility tools that AWS can provide customers with to manage their workloads, as well as its disaster recovery provisions and compliance.

“As a result of us being able to secure their information, many customers are going all-in for AWS,” he said.

Regulated view

Even though not all customers are going “all-in”, AWS did offer a number of customers in regulated industries that were moving some projects, such as development and testing, to the platform.

To illustrate his point, Ash Roots, director of digital at insurance firm Direct Line, was used as a customer example: “We believe [AWS] just as safe as the previous implementation we had, which is fantastic.”

“It’s hugely important they invest in security,” Marco Pera, global head of platform management at HSBC, told TechWeekEurope. “It’s true they take away some of the pains, but it’s not like the cloud is magic. You still have to invest in security of your applications because it’s your service at the end of the day.”

Loading ...

Human security and Automation

He said that to ensure the maximum levels of security, organisations needed to remove humans from processes as much as possible.

At AWS data centres, magnetometers check to see if employees have any storage that could contain files when they leave the facility and no one who has virtual access to the servers can have physical access.

Read More: AI and machine learning are the future of cybersecurity

Similarly, AWS advocates policy control so that certain people can only have access to resources and systems at a certain time. So for example, an engineer might only be able to use certain applications from his desktop computer during office hours.

“Perimeter defence is dead,” said Schmidt. “It’s necessary to reduce noise but it’s not an effective security control.”

In addition to encrypting everything, Schmidt believes automation is the future. Because humans make mistakes or can be corrupted, they are more easily compromised.

“I set a goal to aggressively reduce the number of staff that have access to data [at AWS]. I wanted an 80 percent reduction. [Automation] is a repetitive process that enforces certain behaviours across your user base. The number of times a customer says they ‘forgot’ to do something is astonishing.”

“If you automate actions that humans normally undertake you reduce error and you remove the ability for people like the Chinese government to steal credentials.”

Think you know all about Amazon Web Services? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Indian Economic Police Raid Offices Of Smartphone Maker Vivo

Indian economic crime agency Enforcement Directorate raids dozens of locations across India belonging to China's…

1 hour ago

French Music Service Deezer Slumps On Market Debut

Spotify and Apple Music competitor Deezer falls below opening price after long-delayed IPO in Paris…

2 hours ago

Foxconn Expects Stronger Sales In Spite Of Economic Gloom

iPhone manufacturer Foxconn revises full-year expectations upward amidst strong consumer and data centre demand, bucking…

3 hours ago

Samsung ‘To See Profits Jump’ On Data Centre Demand

Industry analysts expect Samsung's profits to jump 15 percent for the second quarter as strong…

4 hours ago

NHS To Trial Drone Delivery Of Chemotherapy To Isle Of Wight

NHS launches latest trial of drone delivery, with vertical take-off and landing drone from start-up…

5 hours ago

Google To Delete Location History Of Users Who Visit Abortion Clinics

Google to automatically delete location history of users who go near sensitive locations such as…

24 hours ago