The Amazon data centre – does the future of cybersecurity belong with big corporations?

Amazon recently launched their Amazon Web Service (AWS) – a completely separate arm to their huge retail business. The ever-expanding company has been hugely successful, primarily by embracing the modern method of online retail.

The AWS is marketed at all businesses and organisations: large, small, and even start-ups. Its services include database storage, analytics and management services, and they pride themselves on providing ‘flexibility, scalability and reliability’. The seemingly impressive service has already attracted many high profile companies and organisations including British Gas; Just Eat; Channel 4 and Trainline.

AWS encourages companies from all sectors, boasting testimonies from a huge range of companies as ‘case studies’. The U.S. seems to trust the services as a number of organisations requiring a high level of security, as well as governmental organisations, have reportedly joined. They include:

• The Federal Food and Drug Agency;
• NASA’s Jet Propulsion Laboratory;
• Orion Health;
• Department of Defence.

The incredible list of users effectively advertises the idea that the AWS is secure, but it could also expand the target on its back. Data hackers are often drawn to large and seemingly impenetrable security walls; the more difficult the target is, the more rewarding it may be to penetrate.

Amazon seems to be taking security extremely seriously, saying that “Cloud security at AWS is the highest priority”. Strolling through their website, it does look like they’ve made a huge effort to make sure its security is absolutely watertight. AWS reportedly utilises:

• Infrastructure security: firewalls, encryption, levels of privacy for office environments;
• DDOS Mitigation: automatic response to reduce impact of heavy repetitive attacks;
• Full data encryption;
• Amazon Inspector: monitors and assesses inventory and configuration;
• Visibility: users can see exactly who, what and when log ins and calls are made;
• Alert notifications;
• Penetration testing.

For the last one, Amazon actually welcomes penetration testing where customers can request permission to test the security systems as well as conduct vulnerability scans. If it stands up to it, fair play. If it doesn’t, Amazon can deal with the security breach immediately to rectify the vulnerability and reinforce themselves in a controlled environment.

As impressive as all of this sounds, data breach concerns will always be there, which appears to be why AWS has an automatic notification and response system. Nothing will likely ever be 100% impenetrable: it’s just a matter of when and how the breach is dealt with. No matter how small a data leak is, there is usually always be damage. Once a snippet of information is out there, who knows how far it can go?