Cloud offers secure infrastructure for NZ businesses of all sizes.
By Phil Rodrigues, Global Head of Customer Security Outcomes, Global Services Security, Amazon Web Services (AWS)
As a result of the $7.5 billion AWS is investing in building hyper-scale data centres in New Zealand, local businesses and citizens are on the cusp of accessing unprecedented cloud computing and data storage capacity from right here.
The infrastructure is arriving at an ideal time. Cloud enables local businesses and government agencies to experiment, innovate and scale transformative solutions using the latest technologies, such as artificial intelligence (AI).
This functionality, resilience and the economies of scale public cloud offers underpins why the New Zealand Government adopted a Cloud-First policy for its information systems. So many businesses have taken the same approach, opting to use public cloud services where possible.
Another key reason for adopting cloud is to take advantage of enhanced security measures. And being the world’s largest provider of public cloud services helps us deliver these. Since AWS was launched in 2006, we have prioritised and made significant investments in cyber security. That commitment to securing our customers’ data and applications, and supporting them to adopt best practice security practices, is why some of the world’s largest and most risk sensitive banks, healthcare organisations, governments, and defence agencies look to AWS to protect their data.
Despite that, there’s a lingering perception that public cloud infrastructure is less secure than on-premises and private cloud infrastructure. I’d like to outline why, in reality, that is not the case.
Multiple layers of security
When it comes to security, AWS’s level of investment and expertise is beyond the reach of most individual organisations. AWS’s security teams are constantly monitoring for threats, updating our systems, and developing new security innovations that benefit all customers.
We offer a level of protection that we believe is second to none, from the multiple layers of physical security at our AWS data centres, to offering our customers advanced security tools like fine-grained access control and full encryption capabilities.
New Zealand’s economy is made up largely of small businesses, which a recent report from the National Cyber Security Centre (NCSC) revealed are the target for nearly half of all cybercrime. The estimated cost of a serious data breach for a business is $173,000.
But just over half of small to medium businesses (SMEs) have cyber security as a top priority and less than half say they are prepared for a cyber incident, according to the same survey. AWS works with businesses of every size to address cybersecurity, from fledgling two-person start-ups through to some of the largest companies in the world. By using AWS, even the smallest customer benefits automatically from the infrastructure security and services we’ve invested in to secure the trust of our most risk-sensitive customers.
As a business scales within the cloud, security scales along with it automatically. This is far more challenging to accomplish with on-premises systems where scaling security will likely require significant additional investment.
That’s not to mention our infrastructure’s resilience – the ability to continue to operate when disruptions happen. The AWS Region in New Zealand includes multiple data centres that are far enough away from each other to avoid the impact of any unexpected or unavoidable issues like a widespread power outage, or a weather event, but designed in a way that delivers fast data transfer and service continuity across the AWS network.
AWS has been operating in New Zealand for over 10 years with a team of more than 150 employees across the country. We’re proud to be partnering with local New Zealand businesses, providing them with top security at the highest levels – the same we offer to our customers around the globe. This includes the latest intelligence on cyber security threats, constant updates in security service functionality all while keeping prices as low as possible for our customers. Being a global company allows us to offer this world-class security to our customers in New Zealand. Security has always been, and continues to be, our number one priority – from how we design our data centres to how our services are delivered.
Stringent legal and privacy protections
Another misconception I hear is that because AWS New Zealand is a part of a US-headquartered company, US law enforcement or government agencies somehow have unfettered access to data stored on our infrastructure, no matter where it is in the world. That is simply not true.
The Clarifying Lawful Overseas Use of Data Act, more commonly known as the CLOUD Act, was introduced in 2018 and amended the Stored Communications Act. It does not grant US government agencies or US law enforcement with unrestricted access to the data stored in the cloud – irrespective of which country it is in. There are stringent legal and privacy protections that apply when a US law enforcement agency applies for a warrant relating to a serious crime that’s under US jurisdiction. The CLOUD Act affords companies the right to push back against overbroad or otherwise inappropriate requests as a matter of course regardless of where data is located, including where the request may conflict with local laws. When AWS receives a request for data located outside the United States, we have tools to challenge it and a long track record of doing so. Twice a year, we publish data on our website outlining the type and volume of information requests to maintain transparency in this area.
The bottom line is that customers who choose to store their data in the AWS Region that is being built in New Zealand will be able to choose to have their data stay inside of New Zealand’s borders at all times. They have total ownership of their data, can choose where it is stored and where it stays.
We know how important protection of data is to our customers, and in New Zealand this has a particular resonance and importance for Māori. In conjunction with Māori partners and advisers, we’ve introduced the Māori Data Lens for the AWS Well-Architected Framework, the first of its kind for AWS globally, reflecting important considerations and best practices on how to secure and protect Māori data as a taonga (treasure) when using cloud technology. AWS is committed to offering and respecting data sovereignty.
Shared responsibility
AWS has been architected to be the most flexible and secure cloud computing environment available today. We believe that security is everyone’s responsibility and when we’re all working towards the same goal, we’re more likely to succeed. When it comes to maintaining the security of our customers, we operate a shared responsibility model. AWS takes on the security of the cloud – we develop, deploy, and maintain the infrastructure that supports digital service development, and our customers manage the security of their own applications and data, ensuring security in the cloud. They don’t do this alone. Support for our customers takes many forms and is tailored depending on their needs. This can be anything from training and accreditation programs, encryption services, technical recommendations, or support in developing internal governance programmes.
We’re strong supporters of the efforts being driven by New Zealand’s NCSC to increase cybersecurity posture, including its 2022 Cybersecurity Framework. Cyber Smart Week, held every year around October is a great way to help people become more cybersecurity aware and learn ways they can help improve their own cybersecurity practices. AWS has worked with the Government to develop conformance guidance that’s mapped to the New Zealand Information Security Manual. This baseline security template offers specific instructions to New Zealand government agencies about the 150 security controls that they need to apply to meet the NCSC’s guidance for how to be secure in the cloud.
All these measures make AWS the ideal platform on which to pursue a secure, cloud-first strategy. As we prepare to launch the New Zealand AWS Region, we will continue to collaborate with our customers, community, industry, small businesses, and Government agencies to help them securely leverage our infrastructure and services.