Amazon Web Services recently introduced Firewall Manager and a range of other new security tools intended to be easier for its cloud customers to use, manage and understand.
Speaking at the AWS Summit in San Francisco earlier this month, Werner Vogels, Chief Technology Officer at Amazon, said its new console, AWS Secrets Manager, “allows us to build systems that are way more secure than we ever could in the past”. Vogels complained about the number of data breaches in recent years, and pointed out “most of these data breaches have been happening because we’ve been building security in our applications as an afterthought”. He added, “Today, security is everybody’s job. … And it’s our responsibility to protect our customers.”
In February, security researchers uncovered an illegal cryptocurrency mining operation on Tesla’s AWS account. Hackers had exploited an unprotected Kubernetes cluster running on Tesla’s infrastructure, which had allowed them to compromise the security of Tesla’s AWS account. AWS Secrets Manager will give customers more control over who is allowed to access certain credentials to prevent these kinds of hacks from taking place.
AWS Secrets Manager combines various existing security features and adds several new ones. One of the features customers repeatedly asked for was the ability to manage their protection options from a single, central location. In a blog post, AWS introduced its new Firewall Manager, which does just that, in more depth. Firewall Manager offers customers the opportunity “to use multiple AWS accounts and to host applications in any desired region while maintaining centralized control over their organization’s security settings and profile”. A central dashboard helps users access all their AWS security services from one place.
Cloud security problems frequently arise because many cloud computing efforts began on a small scale within companies. As more employees use cloud services, the cloud and its attendant security needs have to scale too, often while different applications need different security policies depending on how they were initially conceived.
The new AWS Firewall Manager uses automated policy enforcement across multiple applications and accounts, helping to solve the problem of compliance with organization-wide security policies. The console also allows developers to “find applications and AWS resources that don’t measure up, and bring them into compliance in minutes”.
Firewall Manager is built around named policies that consist of WAF rule sets and optional AWS Shield Advanced protection. Each policy applies to “a specific set of AWS resources, specified by account, resource type, resource identifier, or tag”. Policies can be applied automatically or selected individually. Policies can include both WAF rules the organization follows and those generated by AWS Partners. This allows companies to duplicate their existing on-premises security procedures in the cloud.
Other new security features include Private Security Certificate, an addition to the existing AWS Certificate Manager, which lets customers obtain private certificates for securing web applications directly through AWS.
The new services are included in the pricing for AWS Shield Advanced; otherwise, a monthly fee is charged for each policy in each region where it is used.