As more people are working from home than ever before, there is an increasing demand for communication services. But security needs to be a key consideration as businesses adapt to a new way of working, as my colleagues John Tolbert, Matthias Reinwarth, and Alexei Balaganski have pointed out in their recommendations on responding to the Covid19 pandemic.
The move to cloud is obvious
For many organizations, meeting the challenges presented by the pandemic means making a quick move to the cloud, but as Matthias points out, this must be managed properly with security in mind.
AWS, which places a great deal of emphasis on security and claims that all its services are secure out of the box, is inevitably seeing a huge spike in demand for its cloud-based communication services, but is well-positioned to meet the change in demand and usage patterns.
AWS reports reductions in demand from some customers and increases in others, depending on how those organizations are being impacted by the pandemic. This is easily managed for AWS, which is able to scale in both directions as demand requires.
As noted by my colleagues, organizations should seriously consider the security implications of employees using their own, potentially malware infested, laptop and desktop computers when working from home.
Remote desktops a good option
In the light of the risk of malware on employee laptops and desktops, organizations should consider using a remote desktop. According to AWS, it is seeing an increase in demand for its WorkSpaces service which is a secure desktop-as-a-service solution for Windows or Linux.
This approach makes sense during the pandemic because organizations do not need to provide laptops and desktops to all employees because those that have their own equipment can use it to access to a remote desktop, but without malware and other security concerns. The service can also be deployed without delay. According to AWS, WorkSpaces can be deployed in as little as 5 minutes.
The approach inserts a logical gap between the employees’ laptops and the enterprise environment because the processor and operating system are provided by the supplier of the remote desktop service.
The location of AWS data centres in Dublin, Frankfurt and Paris ensures that there are no latency problems within Europe.
The recent security warnings about vulnerabilities in the Windows client of the Zoom video conferencing app have underlined the importance of choosing a secure video conferencing option.
AWS is offering a three-month free trial of its new Chime Professional communications service, which AWS uses internally. The service is designed with regulations such as the EU’s General Data Protection (GDPR) in mind. Chime Professional allows users to choose where the communications bridge is located, and the service is designed so that no traffic will leave the region of the chosen bridge location.
In addition to capacity provided by regional data centers, AWS is considered part of critical national infrastructure in many European countries, which means that governments have a vested interest in providing support wherever it may be needed.
Due to compliance with German cyber security legislation, Amazon Elastic Compute Cloud (EC2), CloudFront content delivery network and Route 53 domain name service (DNS) have official recognition as critical infrastructure in Germany.
AWS does not anticipate any limits or restrictions regarding the availability of AWS services or restrictions on AWS usage as a result of COVID-19. The AWS Cloud is built for customers to scale up as needed, so they can continue to use AWS as normal.
New AWS security capabilities
Access Analyzer and Amazon Detective, two innovations announced the AWS re:Invent conference in Las Vegas in December 2019, are now generally available.
Access Analyzer is a new Identity and Access Management (IAM) capability for Amazon S3 (Simple Storage Service) to make it easy for customer organizations to review access policies and audit them for unintended access.
Access Analyser is a feature of AWS accounts offered at no additional charge that provides a single view across all access policies to determine whether any have been misconfigured to allow unintended public or cross-account access.
The newly available Amazon Detective security service is designed to make it easy for customers to conduct faster and more efficient investigations into security issues across their workloads.
Amazon Detective helps security teams conduct investigations by automatically analyzing and organizing data from AWS CloudTrail and Amazon Virtual Private Cloud (VPC) Flow Logs into a graph model that summarizes resource behaviors and interactions across a customer’s AWS environment.
Amazon Detective’s visualizations are designed to provide the details, context, and guidance to help analysts determine the nature and extent of issues identified by AWS security services like Amazon GuardDuty, Amazon Inspector, Amazon Macie, and AWS Security Hub, to enable security teams to begin remediation quickly.
It is good that security is an integral part of all AWS services, and that AWS is continually improving existing services as well as adding new services to further enhance existing security services, that will now appeal to a whole new market as organizations look for ways to keep working.