Securing generative AI (GenAI) workloads is increasingly becoming a priority for organizations. Amazon Web Services (AWS) enhanced its security features to address the challenges that come with leveraging GenAI.

Kimberly Dickson, senior worldwide security specialist at AWS, highlighted the cloud computing company’s defense-in-depth approach.

“Generative AI empowers security teams to automate tasks and elevate professional capabilities,” explained Dickson. “The technology helps companies improve security outcomes by automating routine tasks and providing natural language responses to employee questions.”

However, companies should have visibility and confidence in their security posture. She referenced AWS’ joint study with IBM, which revealed that only 24% of businesses have secured, or are working on securing, their existing GenAI projects.

AWS customers are provided with a GenAI risk matrix to assess their progress in securing their applications. Customers are advised to adopt a defense-in-depth strategy for GenAI workloads, which involves using multiple layers of security controls to protect data and prevent lateral movement.

Defense-in-depth approach

The defense-in-depth approach involves layered security controls specifically designed for GenAI workloads. Dickson emphasized that this strategy begins with understanding shared responsibility models.

“Customers need to understand the shared responsibility model between AWS and the workloads they build on top of AWS,” she explained. “In terms of Security OF the Cloud, AWS is responsible for protecting the infrastructure that runs all of the services we offer to customers in the AWS Cloud. This means that when customers use AWS services, they can be assured that the underlying AWS infrastructure is secure and compliant.”

On the other hand, Security IN the Cloud means that customers are responsible for the AWS services they select and the data they build using those services. This determines the extent of configuration work customers must perform as part of their security responsibilities.

“One important thing to note is that AWS customers always own their data,” Dickson emphasized. “They control where this data resides and who has access to it. However, customers don’t need to handle this alone.”

AWS provides a wide variety of best practice documents, encryption tools, and other guidance to help customers implement application-level security measures. It also offers hundreds of tools and features to assist customers in meeting their security objectives.

At AWS re:Inforce 2024, the company highlighted: 

  • Amazon GuardDuty: Advanced threat detection and continuous monitoring now supports malware protection for Amazon S3.
  • AWS Identity and Access Management (IAM): Enhanced control over user permissions and access, now supporting passkeys as a second authentication factor for easier and more secure sign-ins.
  • AWS CloudTrail Lake: Comprehensive logging and monitoring of AWS account activities now has a preview of natural language query generation to make it faster and easier for security teams to comb through logs.
  • AWS Audit Manager: Now with updated GenAI best practices for Amazon SageMaker, providing better visibility, data source mappings, and automated evidence collection.

AWS Audit Manager has an updated GenAI best practices framework for visibility in Amazon SageMaker. It also updates data source mappings and automates evidence collection for Amazon SageMaker.

In terms of compliance, Dickson noted that the frameworks in AWS Audit Manager incorporate best practices from standards such as the NIST Cybersecurity Framework.

“The NIST framework for AI also considers aspects like collecting evidence for SOC,” she noted. “These are just security standards that customers typically need to adhere to. AWS Audit Manager also enables customers to select the security standards that apply to them. So, while the Audit Manager itself does not change, the types of policies and standards that a customer chooses to attest against can change, and they can configure this within AWS Audit Manager.”

AWS is advancing security for GenAI with new tools and a robust model. These enhancements help customers automate security, protect data, and meet compliance standards while leveraging the full potential of GenAI.

The thumbnail image is AI-generated.

By Marlet Salazar

Marlet Salazar is a technology writer focusing on cybersecurity. In 2018, driven by her passion for the tech industry, she founded Back End News through bootstrapped funding. She honed her writing skills at the Philippine Daily Inquirer, rising from proofreader to desk editor through the years.
