Security is often tapped as a top barrier to cloud adoption in multiple surveys that attempt to assess cloud usage. Cloud giants like Amazon have heard these concerns loud and clear and are doing their best to make users feel more confident about cloud deployments.
At this week’s Amazon’s AWS re:invent conference, Andy Jassy, senior vice-president of Web Services at Amazon, announced the new Amazon Inspector service. Inspector can be used to detect and remediate security issues, explained Jassy during his keynote.
The Inspector is able to assess multiple components including network, virtual machine, operating system and application configurations. It also has a built-in content library that can check a deployment against common security standards and known vulnerabilities. Finally, the system is able to provide AWS users with detailed reports and a dashboard of Inspector activity.
“During the assessment, an Inspector Agent running on each of the EC2 instances that play host to the application monitors network, file system and process activity. It also collects other information including details of communication with AWS services, use of secure channels, network traffic between instances and so forth,” Jeff Barr, chief evangelist at Amazon Web Services, wrote in a blog post. “This information provides Inspector with a complete picture of the application and its potential security or compliance issues.”
While Amazon officially announced the Inspector service on Oct. 7, it is not yet publicly available. There is an invite-only list to request access to a preview when it becomes available later this year.
On a related note, Amazon also announced its AWS Config Rules service this week, which provides a central location for managing policy rules that can have a significant impact on cloud security.
“AWS Config Rules can continuously monitor configuration changes to your AWS resources and provides a new dashboard to track compliance status,” Amazon explains.”Using Config Rules, an IT Administrator can quickly determine when and how a resource went out of compliance.”
Google Cloud Security Scanner
Not to be outdone, Google introduced its Google Cloud Security Scanner the same day of the Amazon Inspector announcement. Unlike Inspector, Google’s product is already generally available.
“We are pleased to announce the general availability of Cloud Security Scanner, a tool which enables App Engine developers to proactively test their applications for many common web application security vulnerabilities,” Matthew O’Connor, product manager at Google, wrote in a blog post. “For example, it can detect issues like cross-site scripting (XSS), Mixed Content, and Flash Injection or alert you to the usage of insecure Javascript libraries.”
[Source:- Esecurityplanet]
