AWS Pitches UK Data Centres And Security Automation To Regulated Industries

Amazon Web Services (AWS) will offer its customers UK-based data centres either late this year or early 2017 as it seeks to attract latecomers to its cloud services.

Gavin Jackson, AWS managing director for UK and Ireland, said it was “bang on track” to deliver its UK region which TechWeekEurope understands could open any time between now and February.

Many of these firms are in regulated industries such as health and finance that need to control where their data is stored. Microsoft Azure and Google Cloud Platform (GCP) have also recognised the need for British Cloud regions as the importance of data-sovereignty increases.

And at AWS Summit in London this week, Amazon was very keen to stress the security of its platform.

Read More: Amazon CTO – We”ve always been a technology company

Securing the cloud

“These regions are important constructs for us,” declared Stephen Schmidt, AWS CISO. “You have to tell us where to put [your data] and we don’t move it unless you tell us to.”

He said Amazon’s own security efforts added an additional benefit of scale for cloud adoption as customers could take advantage of its own investments and the constant updates applied to its platform which mean there is no reason why sensitive data could not be sent to the public cloud.

“Security professionals are inhibited because they are seen as a cost rather than an enabler,” he continued, adding that even free users have the same security protections as some of its largest customers.

“Don’t reinvent the wheel. You can take advantage of the fact that if you are a smaller customer, someone like Shell or BP has required us to set the bar quite high. Isn’t it wonderful to have a large security contingent like we have on your side?”

Schmidt spoke at length about the various management and visibility tools that AWS can provide customers with to manage their workloads, as well as its disaster recovery provisions and compliance.

“As a result of us being able to secure their information, many customers are going all-in for AWS,” he said.

Regulated view

Even though not all customers are going “all-in”, AWS did offer a number of customers in regulated industries that were moving some projects, such as development and testing, to the platform.

To illustrate his point, Ash Roots, director of digital at insurance firm Direct Line, was used as a customer example: “We believe [AWS] just as safe as the previous implementation we had, which is fantastic.”

“It’s hugely important they invest in security,” Marco Pera, global head of platform management at HSBC, told TechWeekEurope. “It’s true they take away some of the pains, but it’s not like the cloud is magic. You still have to invest in security of your applications because it’s your service at the end of the day.”

Loading ...

Human security and Automation

He said that to ensure the maximum levels of security, organisations needed to remove humans from processes as much as possible.

At AWS data centres, magnetometers check to see if employees have any storage that could contain files when they leave the facility and no one who has virtual access to the servers can have physical access.

Read More: AI and machine learning are the future of cybersecurity

Similarly, AWS advocates policy control so that certain people can only have access to resources and systems at a certain time. So for example, an engineer might only be able to use certain applications from his desktop computer during office hours.

“Perimeter defence is dead,” said Schmidt. “It’s necessary to reduce noise but it’s not an effective security control.”

In addition to encrypting everything, Schmidt believes automation is the future. Because humans make mistakes or can be corrupted, they are more easily compromised.

“I set a goal to aggressively reduce the number of staff that have access to data [at AWS]. I wanted an 80 percent reduction. [Automation] is a repetitive process that enforces certain behaviours across your user base. The number of times a customer says they ‘forgot’ to do something is astonishing.”

“If you automate actions that humans normally undertake you reduce error and you remove the ability for people like the Chinese government to steal credentials.”

Think you know all about Amazon Web Services? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

TikTok US Sales ‘Hit $16bn’, ByteDance Nears Meta In World Revenues

TikTok reportedly brought in $16bn in US last year, while parent ByteDance made $120bn worldwide,…

20 hours ago

Bankman-Fried Deserves Up To 50 Years In Jail, Prosecutors Say

Ahead of sentencing prosecutors argue ex-FTX boss Sam Bankman Fried deserves up to 50 years…

21 hours ago

Senators Take Up TikTok Bill After Italy Fine Over Harmful Content

Senators consider bill restricting TikTok after rapid House approval, as Italy competition regulator fines company…

21 hours ago

AI Security Company Backtracks On UK Testing Claims

Security company Evolv backtracks on claims UK government tested its controversial AI security scanning systems

22 hours ago

Norfolk County Council Wins $490m Payout From Apple

Apple agrees to $490m settlement of class-action lawsuit led by Norfolk County Council for allegedly…

22 hours ago

McDonald’s International Outage Caused By Third Party

McDonald's says outage affecting thousands of locations across world caused by third-party tech provider carrying…

23 hours ago