Amazon Improves Cloud Security with Macie Machine Learning Service

Amazon announces new services at the AWS Summit in New York City including data transformation, cloud migration and machine learning security offerings.


Amazon Web Services (AWS) announced a series of new services today at the company's AWS Summit in New York City, including migration, Glue data transformation, Macie machine learning security and CloudHSM Hardware Security Module offerings.

While many organizations have chosen to build new applications on AWS, Adrian Crockfort, vice president of cloud architecture at AWS, said during his keynote that many organizations are also choosing to move entire data centers to the cloud. To make that move easier, AWS today announced the AWS Migration Hub.

"The migration hub simplifies and accelerates discovery and migrations from your data centers to the cloud," Crockfort said. 

The new AWS migration hub includes discovery, server and database migration, as well as tracking and management features for organizations looking to move to the public cloud. The new migration hub is a free service for AWS customers and is available globally.

Among the key use cases for many organizations moving to the cloud are machine learning and data analytics. Matt Wood, General Manager of Artificial Intelligence at AWS, said during his keynote that a key challenge for many organizations and data scientists is loading and transforming data from one source to another so it can benefit from machine learning models. To that end, Wood announced the new AWS Glue service, which provides managed extract, transform and load (ETL) capabilities.

Wood explained that users simply need to point the Glue service at a data store and Glue will do the rest to properly extract the data so it can be used in machine learning and data analytics processes.

"I am unapologetic about how easy it is to use," Wood said as he showed the simple screen that Glue provides users to transform data.


Amazon is also set to use machine learning to help AWS customers with security. Wood announced the new Macie service, which uses machine learning to automatically discover potentially sensitive information on customer AWS services that are publicly exposed.

Wood said that the machine learning model in Macie will continuously scan for sensitive data in shared content, including publicly available Amazon S3 storage instances, to help organizations understand where sensitive information is stored and shared. He added that Macie will also help organizations take corrective actions, including fixing permissions on content to make it non-public.

The security implications of making sure that private information is not shared publicly extend to regulatory compliance, including PCI-DSS (Payment Card Industry Data Security Standard) as well as the upcoming European Union GDPR (General Data Protection Regulation).

"Macie is a GDPR enabling service," Wood said. "Just by switching this service on, you can start to visualize and understand vulnerabilities, fix those vulnerabilities and get a continuous assessment of your compliance with regulations such as GDPR."

While Amazon Macie provides machine learning technology to help cloud users identify and secure sensitive information, organizations can also choose to protect information stored in AWS S3 storage with new rules announced today for the AWS Config service. Crockfort said that the AWS Config rules now enable organizations to block public reads and writes to S3 storage instances.

There have been multiple instances reported in recent months of organizations incorrectly making private information publicly available via S3, something the new AWS Config rules will help to prevent in the future.

Crockfort also announced the new generation of the AWS CloudHSM service. Hardware Security Modules (HSMs) are devices used for securely storing cryptographic information. The new AWS CloudHSM offering is now a fully managed service from Amazon that has achieved full FIPS 140-2 Level 3 compliance certification, enabling it to be used in U.S. government and regulated industries.

"So in conclusion, there really has never been a better time to build with AWS, we have an accelerating pace of innovation, we're adding new products and features all the time," Crockfort said.

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.


Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.