eWeek | March 28, 2019
Amazon Web Services (AWS) is the leader in the public cloud market, and it shows no signs of slowing down anytime soon. At the AWS Summit in Santa Clara on March 27, the public cloud provider announced several new services and capabilities, while reinforcing core elements of its platform growth including artificial intelligence and security. Among the new services is a concurrency service for the Redshift data warehouse, deep learning containers and the general availability of the App Mesh service mesh. Across all aspects of the cloud, however, AWS sees security as being a foundational element. "I really want to emphasize that security is everyone's job," Amazon CTO Werner Vogels said during his keynote. "Because in the future, it is us as technologists that are responsible for protecting our customers and our businesses." Among the core areas of innovation that Vogels spent time discussing is AWS' expanding database capabilities in the cloud, which he sees as a key differentiator against rivals, including Oracle. Vogels said that because AWS has a new architecture that isn't reliant on legacy models for database deployment, it has been able to apply distributed systems techniques that have improved overall reliability and performance.
Infosecurity Magazine | February 11, 2019
A security issue that affects several open source container management systems, including Amazon Linux and Amazon Elastic Container Service, has been disclosed by AWS. The vulnerability (CVE-2019-5736) was reportedly discovered by security researchers Adam Iwaniuk, Borys Poplawski and Aleksa Sarai and would allow an attacker with minimal user interaction to “overwrite the host runc binary and thus gain root-level code execution on the host.” Also among the affected AWS containers are the service for Kubernetes (Amazon EKS), Fargate, IoT Greengrass, Batch, Elastic Beanstalk, Cloud 9, SageMaker, RoboMaker and Deep Learning AMI. In its security issue notice published 11 February, AWS said that no customer action is required for those containers not on the list. Though blocked when correctly using user namespaces, the vulnerability is not blocked by the default AppArmor policy or the default SELinux policy of Fedora, according to Sarai. A common type of container exploit, this vulnerability is known as a host breakout attack, according to Praveen Jain, chief technology officer at Cavirin. “That these still occur, and will continue to occur, is all the more reason to ensure you have the people, processes and technical controls in place to identify and immediately remediate these types of vulnerabilities with a goal of securing their cyber posture.” If malicious actors were to leverage this vulnerability, Sarai said they could create a new container using attacker-controlled images or attach to an existing container to which the attacker had previous write access. “This is the first major container vulnerability we have seen in a while and it further enforces the need for visibility of your hosts and containers both in the cloud and traditional data centers using docker and other containers,” said Dan Hubbard, chief product officer at Lacework.
SDxCentral | January 17, 2019
Amazon Web Services announced AWS Backup, a centralized service for customers to back up their data across both AWS’ public cloud and their on-premises data centers. The company said enterprises are having to deal with data located in multiple services such as databases, block storage, object storage, and file systems. While all of these services in AWS provide backup capabilities, customers often create custom scripts to automate scheduling, enforce retention policies, and consolidate backup activity to better meet their business and regulatory compliance requirements. AWS Backup removes the need for custom scripts by providing a centralized place to manage backups. Using the AWS Management Console, customers can create a policy that defines how frequently backups are created and how long they are stored. Bill Vass, VP of storage, automation, and management services at AWS, said in a statement that many customers want one place to go for backups versus having to do it across multiple, individual services. “Today, we are proud to make AWS Backup available with support for block storage volumes, databases, and file systems, and over time, we plan to support additional AWS services,” said Vass. Initially, AWS Backup is integrated with Amazon DynamoDB, Amazon Elastic Block Store (Amazon EBS), Amazon Elastic File System (Amazon EFS), Amazon Relational Database Service (Amazon RDS), and AWS Storage Gateway.