AWS shares datacentre security secrets to inspire more enterprise cloud adoption

CISO says there is no need to sacrifice security to pursue innovation in the cloud, as he reveals how the cloud giant safeguards customer information in its datacentres

Enterprises should not be fooled into thinking they must choose between innovation and security to get up and running in the cloud quickly, according to Amazon Web Services (AWS).

Speaking at the AWS Enterprise Summit in London, Stephen Schmidt, chief information security officer (CISO) at AWS, said enterprises often laboured under the misapprehension that pursuing an innovation agenda meant making trade-offs on security – but they were mistaken.

“It used to be a discussion where people would say ‘I can either move quickly or I can be secure – but I can’t be both’, but that is a false choice,” said Schmidt. “I think, when properly implemented, you can both move rapidly on the cloud and be at least as secure as you can be on-premises.”

Public cloud providers such as Google and Microsoft have moved to reassure enterprises that are hesitant about moving to the cloud because of security concerns, telling them their data is likely to be safer there than in an on-premise environment.

Schmidt expanded AWS’s view on this by giving details of the steps the company takes to safeguard customer information within its datacentres – something he said it was “paranoid” about.

“We have magnetometers on our datacentre entry points – not on the way in, but on the way out to determine if our staff have any storage material [hard disks] on them,” he said.

“This is a way to ensure we protect customer data appropriately, but it is also representative of how I think security controls should be represented everywhere in the cloud.”

AWS has also introduced measures and policies to limit staff access to customer data based on their job roles in the datacentre.

Cannot access data

For example, in an AWS datacentre, individuals responsible for tending to the physical upkeep of its hardware cannot access the data stored on those devices, and vice versa, said Schmidt.

“If you go into your on-premises datacentre right now [and look at] the human beings in that facility, how many of them have admin or root rights to the machines in there? The answer in most corporate datacentres is all of them,” he said.

“But if you walk into an AWS datacentre, the data techs – the people who physically touch the hardware – have no logical access to that machine. We separate duties.

“It makes it harder to compromise people who have access to data if you separate those job responsibilities.”

AWS’s approach to cloud security is credited with driving the evolution the company claims to have seen over the past 12 months in terms of how its enterprise customers are using its services.

As proof of this, Gavin Jackson, managing director for the UK and Ireland at AWS, cited the year-on-year growth in the number of customers who have progressed beyond using its services for simple test and development workloads since the 2015 Enterprise Summit.

“In 2015 we had around 500 people in the audience, and at that point we had around 50% of the people in the room that were using something on AWS,” he said.

“Some people were using production workloads, some were just trying it out for the first time. If you fast forward 12 months to 2016, we have here more than 1,000 people in the room and around 80% are using something and 44% are using multiple production workloads in AWS.”

Elsewhere in the keynote, Jackson restated the company’s commitment to opening a UK datacentre region, although it is still unclear whether it will come online before the end of the year or in early 2017.

“It is due to come towards the end of this year or at the beginning of next year,” said Jackson. “And we’re bang on track.”
