AWS banking on new security capabilities in ASEAN

Mounting cybersecurity incidents in the region are not hindering GenAI development as businesses look to AWS to boost their cybersecurity capabilities.

About a month ago, AWS unveiled a suite of new security capabilities at AWS re:Inforce to help customers of all sizes strengthen their digital defenses. Among the announcements included updates to the AWS Security Hub, AWS Sheild and AWS Guard Duty.

AWS Security Hub, which is launched in preview, helps customers identify their most critical security issues and respond quickly to reduce risks. It acts as a kind of ‘security command center’, connecting the dots between different types of security alerts and vulnerabilities. AWS Shield, also in preview, enhances protection for websites and online applications by proactively finding network security configuration mistakes and weaknesses.

Meanwhile, the expanded capabilities for Amazon GuardDuty Extended Threat Detection (XTD) now protects container-based applications running on Amazon Elastic Kubernetes Service (EKS). GuardDuty connects various security signals across customers' systems to detect sophisticated attack patterns that might otherwise go unnoticed.

In a media briefing with journalists from Southeast Asia, Bryce Boland, Head of Security, ASEAN at AWS explained more about the new security capabilities and how they can benefit customers in the region.

According to Boland, all of these announcements are kind of building up to how AWS supports customers on their GenAI journey. He explained that pretty much every company is now entering the phase where they need to leverage AI and drive business value from their technology.

“Given that our customers are on their GenAI journeys, when we talk to them, several key themes are consistently brought up. Our customers know that keeping their businesses up depends on the reliability of their solution and the underlying cloud resilience. Our customers are also looking for ways to improve security while keeping the costs and the complexity of managing it down. And they're also asking us to help them build securely with generative AI,” said Boland.

Key to this is having a resilient infrastructure which Boland believes comes from a defense in depth model. Just as customers have rings of protection for defense, AWS has also multiple layers of protection to protect customers.

“The updated AWS Security Hub helps our customers streamline all of their cloud security operations into one application, and it helps them prioritize their tasks. So, it will help them monitor ongoing security trends. Customers are able to adapt their security controls and their security posture accordingly. It also helps our customers to respond at scale to new threats and new security issues,” explained Boland.

Customers are also concerned about how they can raise the bar on security while also keeping their costs low. Boland highlighted that with AWS, it’s not a contradiction.

“It's important to highlight that security and compliance are a shared responsibility between AWS and our customers. We call this the shared security responsibility model. And AWS is responsible for the security of the cloud, meaning we will ensure that our infrastructure and our services are of the highest standard in cybersecurity. And we continue to innovate there. Our customers are responsible for securing what they build in the cloud,” he said.

Dealing with cyberattacks

While Boland did not comment on any specific ransomware incident in the region, he mentioned that ransomware continues to be a concern for many organizations, and at AWS, they are taking those concerns extremely seriously.

“We have built and designed our cloud infrastructure to be extremely resilient, to eliminate points of access, and to ensure that humans don't have access to operational systems. And there are many measures that we take to prevent the occurrence of ransomware in our core infrastructure. For our customers, they obviously have to make decisions about the controls that they implement,” he explained.

Boland also pointed out that AWS has built tools and services to help customers build securely, to identify where there's risk and potential for exposure, either with vulnerabilities or with inappropriate access permissions. These tools that are provided enable customers to implement appropriate security protection against threats like ransomware.

“For example, customers can use Amazon Code Security to implement checks on their code to make sure that it doesn't have vulnerabilities that could be exploited, to then deploy ransomware either to that company or even to that company's customers. Similarly, we have access control tools like Identity Center. Identity Center has a number of tools available, such as IAM Access Analyzer, that provide our customers with the ability to understand what access has been granted to their resources and ensure that least privileged access has been granted, so they're not giving overly permissive access to their own users or to customers. So, there's a lot of different things that we take in terms of controls to ensure that our customers can build securely on AWS. And that's a continued area of focus for us to try to make it easier for them to do this at scale and also cost effectively,” added Boland.

When it comes to hardening the infrastructure or providing additional controls to some countries in the region against state-sponsored attacks, Boland stated that it’s important to recognize that the AWS infrastructure is critical to many countries' commercial and also public sector operations. As such, AWS cloud is designed and built to meet the needs of the most stringent security standards. He added that AWS supports more than 143 security compliance standards and has regular auditing against those standards to demonstrate that we're compliant with those control requirements.

“Our customers obviously consider us to be trustworthy in that respect and trust us to operate the cloud securely as well. In terms of additional controls, we don't think of it that way. We think of it as all of our customers need to have a very high level of security. And so, we implement consistently the highest levels of security controls to ensure it with the security environment that we operate in. I don't think that is specific to any country, but we do understand that every country has its own specific regulations, and we ensure that we're compliant with all of those regulations in every country that we operate,” he said.

Moving security to the cloud

Another interesting point highlighted by Boland is that more customers are moving their security controls to the cloud. While there have been reports of cloud repatriation, Boland stated that AWS has witnessed more customers moving to the cloud to take advantage of its resilience, its scale, and its low cost of operations.

He also pointed out that many organizations that have been late to adopt cloud are now considering cloud to be a first-choice location to move their data-heavy workloads, and that includes security analytics, security logging, as well as taking advantage of services that have been designed in the cloud and bringing those back to the on-prem environment.

“So, for example, we have services for containers, such as EKS Anywhere, that enable our customers to deploy container services and workloads in the same way they would on the AWS cloud and to take advantage of their existing on-prem infrastructure. At the same time, we see customers wanting to take advantage of our identity and access management solutions, being able to provision role-based access as they would in the cloud to their on-prem solutions. So, we continue to support customers no matter where they are on their cloud journey, whether they're at the early stages, or more mature, or looking to balance workloads across different types of environments for their specific needs, and we continue to innovate to provide solutions to those needs,” concluded Boland.