Amazon’s AWS Control Tower aims to help secure your data’s borders

Amazon’s AWS Control Tower system, designed to let users more easily manage complicated cloud environments with multiple accounts and wide arrays of services, now has 65 new controls and rule sets aimed at managing digital sovereignty concerns.

The new controls, which the company announced in a blog post on Monday during its week-long re:Invent conference, focus on allowing users to comply with complex regulatory and security requirements in a more programmatic way, adding features like the ability to mandate certain Nitro instance types for particular EC2 hosts, and implementing advanced key management strategies for broader encryption.

Control Tower’s new features also allow for finer control over where, physically, an organization’s data can be stored or sent. Whereas before, the “Region” system could only be applied to a single landing zone — Control Tower’s dedicated “home” area for managing governance, risk and compliance (GRC) policy — users can now mark out regional controls for data based on individual organizational units and accounts globally. This, the company said, makes it easier to customize restrictions on the storage and movement of data.

This week’s release is the latest step in Amazon’s work toward fulfilling the “AWS Digital Sovereignty Pledge” that it made a year ago — the company promised last November to offer the “most advanced set of sovereignty controls and features available in the cloud.” Its Nitro System hypervisor, which underlies its latest EC2 instances, is the centerpiece of these efforts, but other parts of the vast Amazon cloud empire have received updates as well.

“We launched AWS Dedicated Local Zones, a piece of infrastructure that is fully managed by AWS and built for exclusive use by a customer or community and placed in a customer-specified location or data center,” the company’s blog post read. “And more recently, we announced the construction of a new independent sovereign Region in Europe.”

The rapidity with which compliance and security requirements have grown and become more complicated is the underlying motive for Amazon’s data sovereignty initiative. Specific industries, like utilities, heavy industry, aerospace and healthcare, tend to have strict requirements for control of sensitive data, making it more difficult to take full advantage of cloud technology. Moreover, different jurisdictions, like the EU and US, have quickly evolving regulatory regimes that businesses must stay compliant with.

“Many customers have told us they are concerned that they will have to choose between the full power of AWS and a feature-limited sovereign cloud solution that could hamper their ability to innovate, transform, and grow,” Amazon said.

Cloud Security, Regulation

Go to Source