by Jan Michael Carpo, Reporter
At a recent media briefing, a top security expert from Amazon Web Services (AWS) announced that the company has been undertaking significant enhancements to its security features to address the unique challenges of leveraging GenAI, including privacy and data security.
The new security features, which were launched at the AWS re:Inforce Cloud Security Conference held in Philadelphia last June, took into consideration how generative AI is now reshaping the security landscape.
“Securing generative AI (GenAI) workloads is becoming increasingly critical for organizations,” stated Kimberly Dickson, senior worldwide security specialist at AWS, during a virtual media briefing on July 3.
“Generative AI empowers security teams to automate tasks and elevate professional capabilities. It helps companies improve security outcomes by automating routine tasks and providing natural language responses to employee questions,” she added while emphasizing AWS’s commitment to advancing technology in the ASEAN region through a robust “defense-in-depth” approach.
Kimberly Dickson, senior worldwide security specialist at AWS
AWS and its ‘Defense-in-Depth’ strategy for GenAI
AWS encourages customers to adopt a “defense-in-depth” strategy, which involves multiple layers of security controls to protect data and prevent lateral movement. This strategy begins with understanding the shared responsibility model between AWS and its customers.
IMAGE CREDIT: https://johndcyber.com/cloud-security-and-data-protection
“Customers need to understand the shared responsibility model between AWS and the workloads they build on top of AWS,” Dickson said while sharing a drawing of people inside two types of ‘cloud’ — a blue cloud and an orange cloud, with the bigger cloud (Security OF the Cloud) covering the smaller blue cloud (Security IN the Cloud) to illustrate the extent of AWS’ responsibility to its customers.
Explaining the concept of “Security OF the Cloud,” Dickson stated that AWS is responsible for protecting the infrastructure that runs all of the services offered to customers in the AWS Cloud. “This means that when a customer uses our services, they can be assured that the underlying AWS infrastructure is secure and compliant,” she elaborated.
Conversely, in “Security IN the Cloud,” customers are responsible for managing the AWS services they select and the data they build using those services. “AWS customers always own their data. They control where this data resides and who has access to it. However, customers don’t need to handle this alone,” she emphasized.
Dickson also highlighted how generative AI can enhance security operations by automating routine tasks and providing deeper threat insights. AWS’s Amazon Bedrock offers guardrails to filter out harmful content, ensuring the secure deployment of AI models.
For example, CyberAgent, a digital advertising company, implemented a security concierge chatbot using generative AI. This chatbot handles half of the cybersecurity queries from employees, allowing the security team to focus on more critical tasks.
The chatbot also provides instant responses in natural language, demonstrating how AI can streamline security operations.
The briefing concluded with a strong message on AWS’s leadership in secure cloud infrastructure for generative AI. Dickson reiterated AWS’s commitment to enabling customers to innovate securely and efficiently and underscored AWS’s role in driving technological advancements in the ASEAN region to empower businesses with cutting-edge tools and services.
Earlier this year, AWS also announced its commitment to invest US$230 million to help accelerate the development of gen AI startups and applications around the world, including the Philippines.
New Tools and Best Practices from AWS
AWS currently provides a variety of best practice documents, encryption tools, and other guidance to help customers implement application-level security measures. The advantages of using these security tools served as the highlight of discussions at the AWS re:Inforce conference held in the US.
These include:
- Amazon GuardDuty: Advanced threat detection and continuous monitoring now supports Malware Protection for Amazon S3
- AWS Identity and Access Management (IAM): Enhanced control over user permissions and access by supporting passkeys as a second authenticator factor to provide easier and more secure sign-ins.
- AWS CloudTrail Lake: Comprehensive logging and monitoring of AWS account activities now has a preview of natural language query generation to make it faster and easier for security teams to comb through logs.
- AWS Audit Manager: Now with updated GenAI best practices for Amazon SageMaker, providing better visibility, data source mappings, and automated evidence collection.
In terms of compliance, AWS Audit Manager incorporates best practices from standards such as the NIST Cybersecurity Framework. “The NIST framework for AI also considers aspects like collecting evidence for SOC,” Dickson noted.
“The AWS Audit Manager enables customers to select the security standards that apply to them. While the Audit Manager itself does not change, the types of policies and standards that a customer chooses to attest against can change, and they can configure this within AWS Audit Manager,” she added.
AWS’s advancements in security for GenAI workloads help customers automate security, protect data, and meet compliance standards, all while leveraging the full potential of GenAI.
AWS Doubles Down on Security at re:Inforce
Phil Rodrigues, Global Head of Customer Security Outcomes at AWS, emphasized security as a top priority at the recent AWS re:Inforce conference.
He highlighted how AWS’s cloud security solutions empower customers to:
- Experiment securely: AWS provides a secure environment for innovation, allowing customers to iterate and test new ideas without compromising security.
- Move fast, stay secure: Customers can leverage AWS’s security features to maintain a strong security posture while keeping development cycles agile.
- Innovate with confidence: The recent announcements at re:Inforce, including advanced multi-factor authentication and GenAI security tools, equip customers to leverage cutting-edge technologies securely.
Rodrigues also reiterated AWS’s commitment to continuous improvement, saying, “Our focus is to continually raise the bar for security in the industry.”
These advancements only underscore AWS’s dedication to helping customers unlock the full potential of GenAI while maintaining robust security for their data and applications.