If there's a common refrain in enterprise security these days, it's that nobody wants to become the next Sony, Experian, Scottrade, Target or Home Depot. Moving workloads to a public cloud service means that companies can leave some of the day-to-day work of securing their infrastructure to professionals who manage those services.
On Wednesday, Amazon announced the private preview of a pair of products that are designed to help companies keep the resources and workloads they have stored in the AWS cloud compliant with security policies. The first is called Amazon Inspector, and it's supposed to provide a comprehensive set of rules that costumers can automatically check their applications against. Those rules can include industry best practices, compliance standards and more.
Inspector helps companies make sure that they're not introducing new problems into their applications when they're quickly rolling out new features. Once a company has hooked Inspector up to a group of instances that make up an application, Amazon's service will run at a specified interval to make sure it's still in compliance with policies. If something is off, administrators will get a report from Inspector outlining the problems that it spotted.
Amazon hasn't announced pricing for the service, but it seems like a powerful tool for companies that want to make sure they're following the best practices for locking down applications.
A new AWS Config Rules service lets companies set rules about how each of their instances must be configured, and apply certain policies if those rules aren't followed. For example, a company could say that all instances have to be spun up within a Virtual Private Cloud, and automatically terminate those that aren't. Or, in a less draconian case, they could automatically encrypt instances that were started unencrypted.