Amazon Web Services (AWS) hosted its annual re:Inforce conference July 26-27 in Boston, putting renewed focus on the cloud giant’s cloud privacy, compliance, and security initiatives.
AWS announced five new services at the event, alongside a series of incremental improvements spread across the cloud platform. Among the new services are Amazon GuardDuty Malware Protection, an integration of GuardDuty with the AWS Security Hub, Amazon Detective support for Kubernetes, and a preview of the AWS Wikr secure messaging service.
The overall theme of the event was integrating best practices and services for security and privacy as part of ongoing cloud activities.
“You must not bolt on security after you build something. It has to be in from the very beginning of when we build things,” Stephen Schmidt (pictured), chief information security officer at AWS, said in a keynote address.
“This is a best practice that we recommend to customers as we weave security into your development lifecycle and your operations.”
AWS re:Inforce Details How Cloud Security Is Helping Ukraine
During his keynote, Schmidt discussed how AWS has been working with the Ukrainian government to help keep services online in face of the Russian invasion.
AWS is providing a number of services to Ukraine. Among them is the use of AWS Snowball devices, which are secure edge computing devices for storage.
“We’ve migrated data from 27 Ukrainian ministries, 18 Ukrainian universities, and the largest remote school that, by the way, supports about several hundred thousand children in remote learning because they’re displaced,” he said.
Additionally, Schmidt noted that PrivatBank, a financial institution that serves approximately 40% of the Ukrainian population, has now moved all of its operations to the cloud. PrivatBank’s migration to AWS involved 270 applications totaling about 4 petabytes of client data that previously resided on 3,500 Ukraine-based servers, he said.
“There are moments in history where you have to roll up your sleeves and do the right thing,” Schmidt said. “For us, this is one of those moments, and I’m really proud of the way the team has responded and will continue to respond.”
New Services Announced at AWS re:Inforce
Among the new services announced at AWS re:Inforce is Amazon Detective for EKS (Elastic Kubernetes Service).
The new Detective service analyzes, investigates, and identifies the root cause of security findings or suspicious activity on EKS clusters, according to Kurt Kufeld, vice president of AWS Platform at Amazon. Kubernetes is an increasingly popular approach for deploying workloads in AWS as well as across multicloud and hybrid on-premises deployments.
Another service launched at AWS re:Inforce is Amazon GuardDuty Malware Protection. The new service applies to Amazon EC2 instances and container workloads backed by Amazon Elastic Block Store (EBS), he said.
Kufeld explained that when GuardDuty Malware Protection detects suspicious activity on a workload, it takes a snapshot of the associated EBS volume and analyzes that with compute that runs in the AWS service account so as not to disturb the running workload.
When malware is detected, GuardDuty Malware Protection automatically sends additional and contextualized malware findings to a series of other AWS services, including the GuardDuty console, AWS Security Hub, and Amazon Detective, and describes the potential source of the suspicious activity so that it can be remediated.
About the author
Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He consults to industry and media organizations on technology issues.