Amazon Web Services Now has a Tool for Managing ‘Secrets’
Even companies have secrets that must never be revealed to outsiders. These include passwords, API keys and other credentials that could spell trouble and even cost the company money if they fall into the wrong hands.
In this age where data breaches are a fact of life, securing company data has become even more important since businesses are now moving their systems into the cloud. In response to this need, cloud computing giant Amazon Web Services (AWS) just launched a slew of services that provide businesses with easy-to-use tools to help them secure their cloud data.
One of these new services is the appropriately named Secrets Manager, which can be used by companies to store very important information such as passwords. AWS’s new offering is timely considering the latest round or reports saying that improperly stored passwords on the platform had been compromised by cyber attacks.
“You never, ever again have to put a secret in your code,” Amazon CTO Werner Vogels assured audiences during the AWS Summit. Vogels added that the service “allows us to build systems that are way more secure than we could ever do in the past.”
The Secrets Manager tool is not AWS’s first tool geared toward enhancing cybersecurity for its clients. The company previously introduced a simpler security system which was capable of storing encryption keys and worked with dedicated hardware modules.
This time, however, the brand new AWS Secrets Manager has a broader use. Aside from storing passwords, the tool can also be used for storing database login data as well as keys to application programming interfaces for other services.
Along with Secrets Manager, AWS also launched the Firewall Manager. It gives clients centralized control over security policies across their entire organization and can also be used for control over multiple accounts and applications. The tool makes it easier for clients’ security teams to spot non-compliant applications and resolve issues in minutes.
The recent tools are well-timed to address the security concerns clients might have raised in light of the recent incidents of data breaches in the cloud service. In October 2017, Accenture’s data stored by AWS was leaked and over 40,000 passwords were compromised. The Australian Broadcasting Corporation also experienced a data leak which included login information in November of last year.
Of course, the new AWS tool isn’t free. The company charges 40 cents per secret per month as well as 5 cents per 10,000 programmatic requests.