AWS Pitches UK Data Centres And Security Automation To Regulated Industries

Amazon Web Services (AWS) will offer its customers UK-based data centres either late this year or early 2017 as it seeks to attract latecomers to its cloud services.

Gavin Jackson, AWS managing director for UK and Ireland, said it was “bang on track” to deliver its UK region which TechWeekEurope understands could open any time between now and February.

Many of these firms are in regulated industries such as health and finance that need to control where their data is stored. Microsoft Azure and Google Cloud Platform (GCP) have also recognised the need for British Cloud regions as the importance of data-sovereignty increases.

And at AWS Summit in London this week, Amazon was very keen to stress the security of its platform.

Read More: Amazon CTO – We”ve always been a technology company

Securing the cloud

“These regions are important constructs for us,” declared Stephen Schmidt, AWS CISO. “You have to tell us where to put [your data] and we don’t move it unless you tell us to.”

He said Amazon’s own security efforts added an additional benefit of scale for cloud adoption as customers could take advantage of its own investments and the constant updates applied to its platform which mean there is no reason why sensitive data could not be sent to the public cloud.

“Security professionals are inhibited because they are seen as a cost rather than an enabler,” he continued, adding that even free users have the same security protections as some of its largest customers.

“Don’t reinvent the wheel. You can take advantage of the fact that if you are a smaller customer, someone like Shell or BP has required us to set the bar quite high. Isn’t it wonderful to have a large security contingent like we have on your side?”

Schmidt spoke at length about the various management and visibility tools that AWS can provide customers with to manage their workloads, as well as its disaster recovery provisions and compliance.

“As a result of us being able to secure their information, many customers are going all-in for AWS,” he said.

Regulated view

Even though not all customers are going “all-in”, AWS did offer a number of customers in regulated industries that were moving some projects, such as development and testing, to the platform.

To illustrate his point, Ash Roots, director of digital at insurance firm Direct Line, was used as a customer example: “We believe [AWS] just as safe as the previous implementation we had, which is fantastic.”

“It’s hugely important they invest in security,” Marco Pera, global head of platform management at HSBC, told TechWeekEurope. “It’s true they take away some of the pains, but it’s not like the cloud is magic. You still have to invest in security of your applications because it’s your service at the end of the day.”

Loading ...

Human security and Automation

He said that to ensure the maximum levels of security, organisations needed to remove humans from processes as much as possible.

At AWS data centres, magnetometers check to see if employees have any storage that could contain files when they leave the facility and no one who has virtual access to the servers can have physical access.

Read More: AI and machine learning are the future of cybersecurity

Similarly, AWS advocates policy control so that certain people can only have access to resources and systems at a certain time. So for example, an engineer might only be able to use certain applications from his desktop computer during office hours.

“Perimeter defence is dead,” said Schmidt. “It’s necessary to reduce noise but it’s not an effective security control.”

In addition to encrypting everything, Schmidt believes automation is the future. Because humans make mistakes or can be corrupted, they are more easily compromised.

“I set a goal to aggressively reduce the number of staff that have access to data [at AWS]. I wanted an 80 percent reduction. [Automation] is a repetitive process that enforces certain behaviours across your user base. The number of times a customer says they ‘forgot’ to do something is astonishing.”

“If you automate actions that humans normally undertake you reduce error and you remove the ability for people like the Chinese government to steal credentials.”

Think you know all about Amazon Web Services? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

2 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

4 hours ago