Amazon and its partners are working hard to boost security on Amazon Web Services (AWS), as public clouds cannibalize traditional data center workloads. Ways to implement additional layers of security over an externally provided service were the basis of a major session track at Amazon's developer event re:Invent 2014.
Twenty-five sessions were dedicated to security at last week’s event in Las Vegas, including a keynote address from Steve Schmidt, chief information security officer for Amazon Web Services.
Amazon took the wraps off two new security and compliance tools at the event, to complement existing offerings, according to the company’s statement. AWS Key Management Service will help AWS customers manage custom encryption keys, and will deploy hardware security modules (HSMs) to protect those keys. AWS Config takes aim at customers’ auditing and visibility and “is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance”, according to an AWS statement.
Amazon, however, was far from the only firm looking to cash in on the security angle. More than two dozen security vendors were among the re:Invent 2014 co-sponsors, and exhibited at the event. Many of them were introducing new or updated cloud security offerings specifically geared toward AWS. Although this is not an exhaustive list of all on display, Datacenter Dynamics has culled the following highlights – in no particular order – of what was unveiled at the Venetian Hotel in Las Vegas.
Incapsula
Incapsula DDoS Protection for Amazon Web Services is a cloud-based DDoS protection service for businesses hosting their applications on AWS. The service is an enhancement to AWS’ basic DDoS mitigation. Using advanced traffic inspection technology, Incapsula’s DDoS Protection for AWS automatically detects and mitigates volumetric network (OSI layer 3) and sophisticated application (layer 7) DDoS attacks.
Sophos
The company expanded its product portfolio on AWS Marketplace with the addition of a new secure server option for customers on AWS. The new Sophos Secure OS combines CentOS with comprehensive, preinstalled anti-malware protection in a single Amazon Machine Image (AMI).
Imperva
Announced the immediate availability of a Cloud Reference Architecture for Infrastructure-as-a-Service (IaaS), focused on AWS. According to Imperva, “it provides the industry's first-ever guide for implementing web application security and application management security solutions in a public cloud.” The Cloud Reference Architecture will provide several blueprints for building an additional security layer for applications running on the AWS Cloud. These blueprints offer powerful strategies for deploying the Imperva SecureSphere Web Application Firewall (WAF) together with complementary services from the company's Incapsula (DDoS protection) and Skyfence (privileged user monitoring) acquisitions.
Datapipe
Launched its new Datapipe Access Control Model for AWS (DACMA). DACMA lets enterprise businesses take advantage of Datapipe’s AWS managed services without requiring them to hand over the administrator-level credentials. The model also allows for an enhanced level of security and control through role based access and tracking, clearly establishing and tracking the accountability and actions of all users.
HyTrust
Made available its HyTrust DataControl, a public cloud encryption solution, for AWS through AWS Marketplace as a native Amazon Machine Image (AMI). It can be deployed into existing and new Amazon EC2 instances to encrypt Windows and Linux virtual machines (VMs). The NIST-approved encryption protects VMs and their data from the time they are created, wherever they go, until they are securely decommissioned.
Alert Logic
Announced availability of Alert Logic Cloud Defender, a new, fully managed cloud-based security and compliance suite that offers the functionality of a managed security information and event management (SIEM) solution. The company says it delivers “the functionality, security content and actionable intelligence that organizations need to uncover and remediate active threats” and protects them from cyber threats targeted at business critical infrastructure wherever it’s deployed – on-premises, in a public cloud or in a hybrid datacenter.
Porticor
Cloud encryption specialist announced that its Virtual Private Data (VPD) platform enables SaaS providers and information service vendors to secure customers’ private data in service offerings running on AWS. Cloud providers, as a result, can secure cloud-based protected health information (PHI), helping them meet HIPAA and Safe Harbor compliance requirements, as well as a variety of other compliance regulations, enabling them to offer compliance services in new industries governed by compliance regulations.
Trend Micro
Made available on AWS Marketplace its cloud and data center platform, Trend Micro Deep Security. According to the company, “Deep Security provides automated cloud security on AWS, including intrusion prevention (IPS), anti-malware with web reputation, integrity monitoring, log inspection, and host firewall, in one comprehensive offering.” It can be integrated with leading management tools such as Chef, Puppet, SaltStack, AWS CloudFormation or AWS OpsWorks. “Deep Security automates security provisioning for rapid protection of instances from the latest in vulnerabilities with workload-aware security.”
CommVault
Newly announced Simpana solution enables virtual machine provisioning, management, backup and recovery, retirement, and archiving operations with the AWS cloud. CommVault says it reduces complexity and improves operational efficiency through automated, policy-based data management across hybrid architectures within a single console. Simpana software support for Amazon Simple Storage Service (Amazon S3) and Amazon Glacier gives customers and partners the ability to manage data across on-premises and in-cloud infrastructures.
Barracuda Networks
The Barracuda Load Balancer ADC provides high-performance, cost-effective application delivery for workloads running across on-premises, cloud and hybrid environments. The appliance is now available for AWS in AWS Marketplace, and it enables organizations to securely run applications across public and private cloud infrastructures. It offloads compute-intensive SSL transactions, and offers optimization features such as caching, compression, and TCP pooling to enable faster application delivery and ensure scalability.
Palo Alto Networks
The company has updated PAN-OS, the operating system of its proprietary enterprise security platform. Among the updates in PAN-OS version 6.1 are the availability of the Palo Alto Networks VM-Series of virtual next-generation firewalls on the AWS Marketplace and increased functionality for the Palo Alto Networks WildFire threat protection offering. Also announced was availability of the PA-3060, a new hardware model designed for mid-range datacenter environments.