As companies move more of their workloads into the cloud, too many of them are doing a poor job securing their data. Amazon Web Services launched several new security services Wednesday that aim to provide those companies with tools that are easier to use and easier to understand.
AWS Secrets Manager is a new console that brings together several existing AWS security features as well as a few new ones, and it “allows us to build systems that are way more secure than we ever could in the past,” said Werner Vogels, Amazon chief technology officer, during a keynote address at the AWS Summit in San Francisco. The console is designed to help administrators manage credentials, such as passwords to external services that often have to be manually entered, in a much more secure and centralized fashion, AWS said in a blog post.
Vogels bemoaned how data breaches have become a near-daily part of our lives over the past few years. “Most of these data breaches have been happening because we’ve been building security in our applications as an afterthought,” he said. “Today, security is everybody’s job. … And it’s our responsibility to protect our customers.”
Credentials are often a weak link in even the best information security strategies. Earlier this year, security researchers discovered that hackers had used an unprotected Kubernetes cluster running on Tesla’s infrastructure to find security credentials for Tesla’s AWS account, which they then used to set up a cryptocurrency mining operation on Tesla’s dime. AWS Secrets Manager will allow customers to exert more control over who is allowed to access certain credentials, and it does that by using AWS Lambda, the company’s serverless computing service.
AWS also launched a new service called AWS Firewall Manager, which is designed to make it easier to use other AWS security services from a central dashboard. Many cloud security problems arise because many cloud computing efforts started out as decentralized experiments on new applications by a small group of developers at a given company. As that company starts to take advantage of more and more cloud services, security policies can differ from application to application based on how they were originally conceived.
And customers who need private certificates for securing web applications can now get those through AWS, thanks to the addition of the Private Security Certificate feature to the AWS Certificate Manager.