AWS re:Invent 2023 – AWS Security Heads to Space

The security theme blasted off to space with by mid-conference interviews at AWS re:Invent. Clint Crosier, Director Aerospace and Satellite Solutions at AWS took time out of his busy schedule to chat with me about AWS and its project to enable the development of space-based operations.

AWS re:Invent 2023 a summary

Clint’s organization is global and tasked with bringing cloud tech to space. His team has a focus on space, aerospace and geo-spatial development, keeping a key eye on operational enablement. His function has ownership of 11 ground stations around the world that act as a peering stations for the space born units they communicate with.

Over 3,500 space born objects like satellites are running today, with a 10x increase expected over the next decade. AWS’s strategic investment in developing space born infrastructure, which is a risky proposition. Clint, and AWS, believe that space startups will sharply increase as humanity looks to the stars, which is reason enough to be part of the story.

The problems of data security for this new frontier are a real problem, which the team foresaw. Clint’s team developed, in partnership with a key technology partner called SpiderOak, detection and resolution technology based solutions to secure the data trail from space born stations to AWS’s ground station network. Both the ground station and the cloud region would be in close to each other to reduce latency in hard-wired data transmission.

Once in the AWS cloud, the trail ends with arrival at AWS services like Amazon SageMaker and Amazon Q for processing. It’s important to note earth observational projects currently use the service, and space exploration will incrementally increase its usage as projects spin up. NASA passed AWS Snowcone as an acceptable space born edge computing device, after 7 months of testing at the international space station. This success has completed the space-based data pipeline for AWS.

Axiom Space has gone all-in with AWS for their new space station, due to launch in 2026. They will use Clint’s global function and their breakthrough data pipeline for space to ground operations. AWS, in partnership with SpiderOak, will secure this new use case by establishing a lineage of secured space communications.

I found Clint’s enthusiasm to be infectious as he recounted his 3 years with AWS. It’s clear that this is just the beginning of an epic journey into space for AWS and its customers, and certainly a case of “watch this space” in AWS’s journey.

As the theme of pioneering security kicked off with a flourish, I then met with Esteban Hernandez from AWS Security EMEA. We had an interesting chat about the CyberSecurity industry, and AWS’s security products. Esteban advises that security as a function is now asking the correct questions, such as where is my data going?

The techniques and best-practices for security in the modern era are evolving with threats, including the responsible use of AI in the cyber security lifecycle. He also made a valid point about these efforts been in context to the business. Security’s updated role is to be an enabler of digital business through its policies and practice implementations.

We then talked about AWS’s range of existing security products. This included Amazon Inspector, Amazon Guardduty, and IAM Access Analyzer. Some examples of AWS product enhancements in the security area are Amazon Inspector upgrades with Lambda code now scanned by Inspector for vulnerabilities. Inspector also uses generative AI to provide automated remediation capabilities for detections, and assisted patching. This is a huge win for enhancing your security posture.

The conversation moved onto Runtime Analyzer under the hood in for Amazon Guardduty, which is known for its support of EKS clusters. It now extends to ECS and even EC2 in preview mode for this passive monitoring service. We moved into the increasing AI footprint in AWS security products, which includes AWS Config using AI for natural language queries on the state of resource objects. Esteban advised that while AWS Config’s AI automation around remediation is not yet available, they are working on it for future releases.

We then looked at security, the generative AI space, and AWS security products. Esteban tells me that security is at the heart of all their managed products. Esteban cited Amazon Bedrock as an example where the ML training models are configurable with access controls built into its core. For example, if using Amazon Bedrock and Amazon Q in your data pipeline, you can create and individually attach the same security policy to both services.

There is no doubt in my mind that the reputation and trust in the cloud was most difficult to establish for all cloud vendors. AWS’s cultural focus on a security-first approach is undoubtedly an enabler of the massive success that we now just call ‘the cloud’.

By John Mulhall @johnmlhll | john@maolte.ie is a writer with Irish Tech News for over 7 years and also a Founder, Writer, and Engineer with Maolte Technical Solutions Limited. You can learn more about John and his IT services company at https://maolte.ie.

See more stories by John here, and breaking stories on Irish Tech News here.

See more breaking stories here.