Amazon makes it easier to lock down the cloud

07.10.2015
If there's a common refrain in enterprise security these days, it's that nobody wants to become the next Sony, Experian, Scottrade, Target or Home Depot. Moving workloads to a public cloud service means that companies can leave some of the day-to-day work of securing their infrastructure to professionals who manage those services. 

On Wednesday, Amazon announced the private preview of a pair of products that are designed to help companies keep the resources and workloads they have stored in the AWS cloud compliant with security policies. The first is called Amazon Inspector, and it's supposed to provide a comprehensive set of rules that customers can automatically check their applications against. Those rules can include industry best practices, compliance standards and more.

Inspector helps companies make sure that they're not introducing new problems into their applications when they're quickly rolling out new features. Once a company has hooked Inspector up to a group of instances that make up an application, Amazon's service will run at a specified interval to make sure it's still in compliance with policies. If something is off, administrators will get a report from Inspector outlining the problems that it spotted.

Amazon hasn't announced pricing for the service, but it seems like a powerful tool for companies that want to make sure they're following the best practices for locking down applications.

A new AWS Config Rules service lets companies set rules about how each of their instances must be configured, and apply certain policies if those rules aren't followed. For example, a company could say that all instances have to be spun up within a Virtual Private Cloud, and automatically terminate those that aren't. Or, in a less draconian case, they could automatically encrypt instances that were started unencrypted.

Amazon has a small collection of pre-built rules based on what customers most frequently request, and those companies that need a little something different can build their own custom rules in JavaScript using AWS Lambda functions. The service costs $2 per active rule per month, and each account gets 20,000 free evaluations per active rule per month. After that, companies will have to pay US $0.10 per thousand evaluations.  
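
As an added illustration (not code from the article or from Amazon), this is how a custom rule function could evaluate the "instances must be in a VPC" policy described above. The event layout follows the way AWS Config invokes custom rules; the sample events and resource IDs are constructed, and reporting the result back to AWS Config is left out so the code runs offline.

```javascript
'use strict';

// Decide compliance for one configuration item recorded by AWS Config.
// Rule: every EC2 instance must be launched inside a VPC.
function evaluateCompliance(item) {
  if (item.resourceType !== 'AWS::EC2::Instance') return 'NOT_APPLICABLE';
  // Deleted resources are no longer in scope for the rule.
  if (item.configurationItemStatus === 'ResourceDeleted') return 'NOT_APPLICABLE';
  const vpcId = item.configuration && item.configuration.vpcId;
  return typeof vpcId === 'string' && vpcId.startsWith('vpc-')
    ? 'COMPLIANT'
    : 'NON_COMPLIANT';
}

// Build the evaluation record for one custom-rule invocation.
// AWS Config passes the changed item as a JSON string in invokingEvent.
function buildEvaluation(event) {
  const invoking = JSON.parse(event.invokingEvent);
  const item = invoking.configurationItem;
  if (!item) throw new Error('invokingEvent has no configurationItem');
  return {
    ComplianceResourceType: item.resourceType,
    ComplianceResourceId: item.resourceId,
    ComplianceType: evaluateCompliance(item),
    OrderingTimestamp: item.configurationItemCaptureTime,
  };
}

// Constructed sample events (IDs and token are made up for this example).
function sampleEvent(configuration, overrides) {
  const item = Object.assign({
    resourceType: 'AWS::EC2::Instance',
    resourceId: 'i-0example0000000a',
    configurationItemStatus: 'OK',
    configurationItemCaptureTime: '2015-10-07T12:00:00.000Z',
    configuration,
  }, overrides);
  return {
    invokingEvent: JSON.stringify({ configurationItem: item }),
    resultToken: 'constructed-token',
  };
}

const inVpc = sampleEvent({ vpcId: 'vpc-0example', instanceType: 't2.micro' });
const noVpc = sampleEvent({ instanceType: 'm1.small' }); // no vpcId recorded
console.log(buildEvaluation(inVpc).ComplianceType);
console.log(buildEvaluation(noVpc).ComplianceType);
```
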

Those services, along with new features the company unveiled Wednesday that are focused on getting businesses onto its cloud, may draw even more customers to Amazon's public cloud. 

Blair Hanley Frank
