At the AWS Summit San Francisco this week, Amazon CTO and cloud celebrity Werner Vogels shared a variety of Amazon Web Services milestones, and once again stressed the need for speed—as well as the importance of scale and security.
Oh, and to back it up—in a typically wide-ranging 2-hour presentation with cameos from AWS General Manager of Artificial Intelligence Matt Wood and AWS customers like Intuit, healthcare IT giant Cerner, and fitness startup Peloton—Werner introduced several new AWS services, most notably AWS Secrets Manager, designed to plug a well-known cloud security hole. (You can watch the entire keynote in the video embedded at the end of this post.)
AWS Summit San Francisco is just one stop for the AWS Global Summits, and the New Relic Well-Instrumented Tour is going along for the ride—with a Performance Bar and Lightning Talks at our booth and aligned events in 17 cities around the globe, featuring New Relic training, executive meetings, peer networking, and much more.
Cloud—and serverless—momentum accelerates in the enterprise
“The growth of AWS has been spectacular,” Werner told the event’s more than 9,000 attendees, citing growth of more than 45% year-over-year to a greater than $20 billion annual run rate. AWS caters to a diverse customer base of startups, enterprises, government organizations, and nonprofits across a wide range of industries. From oil and gas to financial services, “There’s not a vertical in the enterprise world that is not making use of AWS in some way,” Werner claimed.
Werner also noted the momentum behind serverless, especially among larger organizations. “I am surprised how quickly everyone has picked up that this is the new way to do things,” he said. “The enterprise customer base has been extremely aggressive in adopting the serverless paradigm” and turning to services like AWS Lambda.
Why is serverless so popular? According to Werner, it’s all about enabling “extreme developer productivity” and “completely eliminating infrastructure management” so development teams can “focus more on business logic.” While there’s still a role for virtual machines and containers, he said, with the rise of serverless, compute is catching up to other services because with no more servers to manage, “scaling is no longer something you have to worry about.”
AWS introduces new security tools: AWS Secrets Manager and more
Particularly timely given recent security and privacy controversies and the looming GDPR privacy regulations in Europe, Werner devoted significant time to discussing security, privacy, and compliance issues in the cloud. “It’s our responsibility to protect our customers and their businesses,” he said. “What scares me the most,” he confessed, “is how complacent we’ve been about all the recent data breaches. It’s not acceptable.”
Werner said these issues keep happening because too many software organizations build apps with security as an afterthought: “They write 50,000 lines of code, and then their security team comes in and certifies it. That’s really not working, is it?”
He said security must be automated and baked in from the beginning. He noted that continuous integration/continuous deployment is a step in the right direction toward better security. After all, it’s a lot easier to check 5 lines of code than 50,000 lines of code. In the end, he said, “the pace of innovation needs to meet the pace of protection.”
Werner then introduced AWS Secrets Manager, which garnered the keynote’s only sustained applause. The issue, Werner said, is that software code often contains corporate secrets, including passwords, database credentials, API keys, and other sensitive data stored in config files.
AWS Secrets Manager, now generally available, is designed to fix a weak link in cloud security by automatically managing secrets for protected access to your IT resources. It can help you:
- Rotate, manage, and retrieve secrets through their lifecycle
- Manage access with fine-grained policies
- Secure and audit secrets centrally
- Pay as you go
Press reports said the new service “could solve one of the biggest security headaches facing users of the cloud platform.… Leaked AWS credentials written into source code have been one of the biggest security risks for customers of the cloud platform. The Secrets Manager will let customers replace that risk with a small function that goes and pulls down the correct credentials when it’s run for database access and connections to other services. The service also handles automatic rotation of those security credentials.”
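The "small function" pattern described above, as an added Python sketch (not code from the keynote, AWS, or this post). `get_secret_value(SecretId=...)` is the real boto3 Secrets Manager call; the `SecretCache` class, the stub client, the secret name `prod/db/example`, and the JSON keys are assumptions made so the example runs offline.

```python
import json
import time


class SecretCache:
    """Fetch credentials at run time instead of hard-coding them.
    Entries expire after ttl_seconds so a rotated secret is picked up."""

    def __init__(self, client, ttl_seconds=300, clock=time.monotonic):
        self._client = client      # in production: boto3.client("secretsmanager")
        self._ttl = ttl_seconds
        self._clock = clock
        self._cache = {}           # secret_id -> (expires_at, parsed secret)

    def get(self, secret_id):
        now = self._clock()
        hit = self._cache.get(secret_id)
        if hit and hit[0] > now:
            return hit[1]          # still fresh: no API call
        resp = self._client.get_secret_value(SecretId=secret_id)
        if "SecretString" not in resp:
            raise ValueError("binary secrets are not handled in this example")
        secret = json.loads(resp["SecretString"])
        self._cache[secret_id] = (now + self._ttl, secret)
        return secret

    def invalidate(self, secret_id):
        """Call after an authentication failure: the secret may have rotated."""
        self._cache.pop(secret_id, None)


class StubSecretsClient:
    """Constructed stand-in for the boto3 client; values are made up."""

    def __init__(self, password):
        self.password = password
        self.calls = 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        body = {"username": "app", "password": self.password}
        return {"Name": SecretId, "SecretString": json.dumps(body)}


def demo():
    now = [0.0]                                  # controllable clock
    stub = StubSecretsClient("constructed-pw-v1")
    cache = SecretCache(stub, ttl_seconds=60, clock=lambda: now[0])
    first = cache.get("prod/db/example")["password"]
    cache.get("prod/db/example")                 # served from cache
    stub.password = "constructed-pw-v2"          # simulate rotation
    now[0] = 61.0                                # TTL has elapsed
    second = cache.get("prod/db/example")["password"]
    return first, second, stub.calls
```

Nothing in the source tree or config file holds the password; access is governed by the IAM policy attached to whatever identity runs the code.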
That’s not all the security and privacy news: Werner also announced a new AWS Config Rules service to help customers manage different compliance configurations across multiple accounts. The new Private Certificate Authority for AWS Certificate Manager, meanwhile, lets companies run their own certification authority and decide who will have access to sensitive information. AWS also debuted AWS Firewall Manager, designed to let AWS customers centrally configure and manage web application firewalls. Finally, Werner noted that all AWS services are now GDPR compliant.
Taking security personally
“There’s no reason not to use certification and encryption at this point, so please use them,” Werner begged. Encryption is critical, he said, at a minimum for personally identifiable information and critical business information. Ubiquitous encryption is now integrated into nearly all AWS services, he said, “so please use it.”
The bottom line? “We all need to take responsibility … not just the security team.”
This being AWS, of course, there were also a number of other announcements, including a new S3 storage class: S3 One Zone-Infrequent Access, a 20% less expensive—and slightly less reliable—data storage tier that uses only a single availability zone. It’s designed for information that needs to be durable, Werner said, but not necessarily as fully available. And AWS Transcribe and AWS Translate, announced at AWS re:Invent last November, are now generally available. Finally, machine learning framework platform AWS SageMaker gained support for new types of instances, for testing on local devices, and for TensorFlow 1.6.0 and Apache MXNet 1.1.0.
Don’t Miss the New Relic Well-Instrumented Tour 2018
Aligned with AWS Global Summits, the 2018 New Relic Well-Instrumented Tour brings training, meetings, networking, and more to locations around the world.
For a complete look at the presentation, watch the full keynote: