momius - Fotolia
NEW YORK -- Amazon continues to push automation and native integration as it deepens ties between its various services to keep users content within its own ecosystem.
A handful of services rolled out at an AWS Summit here this week cover a wide range of needs, but with a particular focus on security and monitoring. Many of the new AWS updates had a strong enterprise slant, including a migration hub intended to address the complex web of dependencies that come with moving databases and applications out of customers' private data centers.
One of the more forward-leaning services is Amazon Macie, which uses machine learning to detect security anomalies in Amazon Simple Storage Service (S3). After it establishes an activity baseline, the fully managed service can recognize personally identifiable information or intellectual property, even if that data hasn't been categorized as such. Users can view a dashboard or receive alerts to respond when data is being accessed.
IT teams can link Amazon Macie to Amazon CloudWatch Events, and the service will support API endpoints and AWS SDK later this year. These additions will enable customers to link Macie to third-party tools.
"It's an interesting stab at a problem that needs to be addressed in unstructured data," said Carl Brooks, an analyst with 451 Research. "It's got potential, but like everything else machine-learning-related, there's going to be a fairly long learning curve for both users and the machines."
Macie uses natural language processing to identify commonalities and group data. It can recognize different file structures and source code, but the service's ability to work with unclassified data sets it apart from other security services, said Bill Shin, principal security solutions architect at AWS.
"That's why data classification is traditionally so difficult -- it requires someone to do that upfront, and largely, people don't do that," he said. "There's all this data coming in now, and it's not really feasible to expect people to classify data consistently."
Meanwhile, several other AWS updates targeted existing security features. AWS CloudHSM has been upgraded to more closely reflect the public cloud model. Amazon's cloud-based hardware security module to generate and use encryption keys on AWS is now pay-as-you-go, fully managed and scalable. It integrates better with native AWS tools and supports compliance with Federal Information Processing Standard 140-2 from Level 2 to Level 3.
Additionally, two new AWS Config Rules will secure S3 buckets. User-side security on AWS has come under scrutiny in recent months, as high-profile users, such as a Republican National Committee contractor, have been caught with exposed S3 buckets. These new rules identify buckets that enable global-write access -- a rarely needed configuration -- and flag content that is publicly available.
AWS updates also included encryption at rest for Amazon Elastic File System -- a common request among AWS users.
More to help enterprises work in the cloud
One of the more talked-about AWS updates here is the general availability of AWS Glue in the U.S.-East (N. Virginia) region. First available for testing late last year, the extract, transform and load service is fully managed and intended to ease the loading and normalization of data into various AWS utilities for analyses.
The New York City Department of IT and Telecommunications wants to build data-as-a-service tools for the city's various governmental agencies; Glue could help build a platform to use data across agencies, said Murugan Kanpa, senior solutions architecture manager at the organization.
"If one agency is publishing the data and another agency needs the data, they have to go through a development team," he said. "We want to provide a platform to seamlessly share among themselves."
Amazon added middleware for the cloud to Glue -- yet another sign of the increasing maturity of AWS, Brooks said.
"It's not traditional middleware, but it's performing that function between the application and the business outcome -- and you need that stuff," he said. "They're now enterprise-grade, and they're building out tool sets to support their tool sets and their platform."
AWS also pooled some of its migration services to address challenges with moving more complex workloads to the cloud. AWS Migration Hub combines AWS Application Discovery Service for discovery and system information collection, AWS Server Migration Service and AWS Database Migration Service to move workloads and databases to Amazon's data centers, and a set of partner tools geared toward data migration.
This is yet another example of Amazon emphasis on more complex enterprise workloads, beyond the many simple enterprise migrations to the cloud already completed or underway.
Having proper integrations and visibility to understand the various application dependencies becomes critical to a successful migration, said Steven Horwitz, CEO for Atlanta-based Racemi, an Amazon migration partner.
"We're seeing through our partners much more complex databases and applications that have deep integration points throughout their stack," he said. "You really need to be conscious of that and make sure you have a good plan."
Trevor Jones is a senior news writer with SearchCloudComputing and SearchAWS. Contact him at [email protected].
AWS upgrades cross-account automation
Greengrass pushes AWS to the edge
Watch out for these common AWS migration mistakes