Skip to content

Posts from the ‘Amazon’ Category

The Truth About Privileged Access Security On AWS And Other Public Clouds

 

Bottom Line: Amazon’s Identity and Access Management (IAM) centralizes identity roles, policies and Config Rules yet doesn’t go far enough to provide a Zero Trust-based approach to Privileged Access Management (PAM) that enterprises need today.

AWS provides a baseline level of support for Identity and Access Management at no charge as part of their AWS instances, as do other public cloud providers. Designed to provide customers with the essentials to support IAM, the free version often doesn’t go far enough to support PAM at the enterprise level. To AWS’s credit, they continue to invest in IAM features while fine-tuning how Config Rules in their IAM can create alerts using AWS Lambda. AWS’s native IAM can also integrate at the API level to HR systems and corporate directories, and suspend users who violate access privileges.

In short, native IAM capabilities offered by AWS, Microsoft Azure, Google Cloud, and more provides enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. Often they lack the scale to fully address the more challenging, complex areas of IAM and PAM in hybrid or multi-cloud environments.

The Truth about Privileged Access Security on Cloud Providers Like AWS

The essence of the Shared Responsibility Model is assigning responsibility for the security of the cloud itself including the infrastructure, hardware, software, and facilities to AWS and assign the securing of operating systems, platforms, and data to customers. The AWS version of the Shared Responsibility Model, shown below, illustrates how Amazon has defined securing the data itself, management of the platform, applications and how they’re accessed, and various configurations as the customers’ responsibility:

AWS provides basic IAM support that protects its customers against privileged credential abuse in a homogenous AWS-only environment. Forrester estimates that 80% of data breaches involve compromised privileged credentials, and a recent survey by Centrify found that 74% of all breaches involved privileged access abuse.

The following are the four truths about privileged access security on AWS (and, generally, other public cloud providers):

  1. Customers of AWS and other public cloud providers should not fall for the myth that cloud service providers can completely protect their customized and highly individualized cloud instances. As the Shared Responsibility Model above illustrates, AWS secures the core areas of their cloud platform, including infrastructure and hosting services. AWS customers are responsible for securing operating systems, platforms, and data and most importantly, privileged access credentials. Organizations need to consider the Shared Responsibility Model the starting point on creating an enterprise-wide security strategy with a Zero Trust Security framework being the long-term goal. AWS’s IAM is an interim solution to the long-term challenge of achieving Zero Trust Privilege across an enterprise ecosystem that is going to become more hybrid or multi-cloud as time goes on.
  2. Despite what many AWS integrators say, adopting a new cloud platform doesn’t require a new Privileged Access Security model. Many organizations who have adopted AWS and other cloud platforms are using the same Privileged Access Security Model they have in place for their existing on-premises systems. The truth is the same Privileged Access Security Model can be used for on-premises and IaaS implementations. Even AWS itself has stated that conventional security and compliance concepts still apply in the cloud. For an overview of the most valuable best practices for securing AWS instances, please see my previous post, 6 Best Practices For Increasing Security In AWS In A Zero Trust World.
  3. Hybrid cloud architectures that include AWS instances don’t need an entirely new identity infrastructure and can rely on advanced technologies, including Multi-Directory Brokering. Creating duplicate identities increases cost, risk, and overhead and the burden of requiring additional licenses. Existing directories (such as Active Directory) can be extended through various deployment options, each with their strengths and weaknesses. Centrify, for example, offers Multi-Directory Brokering to use whatever preferred directory already exists in an organization to authenticate users in hybrid and multi-cloud environments. And while AWS provides key pairs for access to Amazon Elastic Compute Cloud (Amazon EC2) instances, their security best practices recommend a holistic approach should be used across on-premises and multi-cloud environments, including Active Directory or LDAP in the security architecture.
  4. It’s possible to scale existing Privileged Access Management systems in use for on-premises systems today to hybrid cloud platforms that include AWS, Google Cloud, Microsoft Azure, and other platforms. There’s a tendency on the part of system integrators specializing in cloud security to oversell cloud service providers’ native IAM and PAM capabilities, saying that a hybrid cloud strategy requires separate systems. Look for system integrators and experienced security solutions providers who can use a common security model already in place to move workloads to new AWS instances.

Conclusion

The truth is that Identity and Access Management solutions built into public cloud offerings such as AWS, Microsoft Azure, and Google Cloud are stop-gap solutions to a long-term security challenge many organizations are facing today. Instead of relying only on a public cloud provider’s IAM and security solutions, every organization’s cloud security goals need to include a holistic approach to identity and access management and not create silos for each cloud environment they are using. While AWS continues to invest in their IAM solution, organizations need to prioritize protecting their privileged access credentials – the “keys to the kingdom” – that if ever compromised would allow hackers to walk in the front door of the most valuable systems an organization has. The four truths defined in this article are essential for building a Zero Trust roadmap for any organization that will scale with them as they grow. By taking a “never trust, always verify, enforce least privilege” strategy when it comes to their hybrid- and multi-cloud strategies, organizations can alleviate costly breaches that harm the long-term operations of any business.

AWS Certifications Increase Tech Pay Up To $12K A Year

AWS Certifications Increase Tech Pay Up To $12K A Year

  • AWS and Google certifications are among the most lucrative in North America, paying average salaries of $129,868 and $147,357 respectively.
  • Cross-certifying on AWS is providing a $12K salary bump to IT professionals who already have Citrix and Red Hat/Linux certifications today
  • Globally, four of the five top-paying certifications are in cloud computing.

These and many other insights of which certifications provide the highest salaries by region of the world are from the recently published Global Knowledge 2019 IT Skills and Salary ReportThe report is downloadable here (27 pp., PDF, free, opt-in). The methodology is based on 12,271 interviews across non-management IT staffs (29% of interviews), mid-level professionals including managers and team leads (43%), and senior-level and executive roles (28%) across four global regions. For additional details regarding the study’s methodology, please see page 24 of the report.

Key insights from the report include the following:

  • Cross-certifying on AWS is providing a $12K salary bump to IT professionals who already have Citrix and Red Hat/Linux certifications. Citrix certifications pay an average salary of $109,546 and those earning an AWS certification see a $12,339 salary bump on average. Red Hat/Linux certification-based jobs pay an average of $113,165 and are seeing an average salary bump of $12,553.  Cisco-certified IT professionals who gain AWS certification increase their salaries on average from $101,533 to $111,869, gaining a 10.2% increase. The following chart compares the salary bump AWS certifications are providing to IT professionals with seven of the more popular certifications (please click on the graphic to expand for easier reading).

  • AWS and Google certifications are among the most lucrative in North America, paying average salaries of $129,868 and $147,357 while the most popular are cybersecurity, governance, compliance, and policy. 27% of all respondents to Global Knowledge’s survey have at least one certification in this category. Nearly 18% are ITIL certified. In North American, the most popular certification categories beyond cybersecurity are CompTIA, Microsoft, and Cisco. The following table from the report provides an overview of salary by certification category (please click on the graphic to expand for easier reading).

  • AWS Certified Solutions Architect – Associate is the most popular AWS certification today, with 72% of respondents having achieved its requirements. Certified Solutions Architect – Associate leads the top five most commonly held AWS certifications today according to the survey. AWS Certified Developer – Associate (33%), AWS Certified SysOps Administrator – Associate (24%), AWS Certified Solutions Architect – Professional (16%) and AWS Certified Cloud Practitioner round out the top five most common AWS certifications across the 12,271 global respondents to the Global Knowledge survey.

The State Of Cloud Business Intelligence, 2019

  • An all-time high 48% of organizations say cloud BI is either “critical” or “very important” to their operations in 2019.
  • Marketing & Sales place the greatest importance on cloud BI in 2019.
  • Small organizations of 100 employees or less are the most enthusiastic, perennial adopters and supporters of cloud BI.
  • The most preferred cloud BI providers are Amazon Web Services and Microsoft Azure.

These and other insights are from Dresner Advisory Services’ 2019 Cloud Computing and Business Intelligence Market Study. The 8th annual report focuses on end-user deployment trends and attitudes toward cloud computing and business intelligence (BI), defined as the technologies, tools, and solutions that rely on one or more cloud deployment models. What makes the study noteworthy is the depth of focus around the perceived benefits and barriers for cloud BI, the importance of cloud BI, and current and planned usage.

“We began tracking and analyzing the cloud BI market dynamic in 2012 when adoption was nascent. Since that time, deployments of public cloud BI applications are increasing, with organizations citing substantial benefits versus traditional on-premises implementations,” said Howard Dresner, founder, and chief research officer at Dresner Advisory Services. Please see page 10 of the study for specifics on the methodology.

Key insights gained from the report include the following:

  • An all-time high 48% of organizations say cloud BI is either “critical” or “very important” to their operations in 2019. Organizations have more confidence in cloud BI than ever before, according to the study’s results. 2019 is seeing a sharp upturn in cloud BI’s importance, driven by the trust and credibility organizations have for accessing, analyzing and storing sensitive company data on cloud platforms running BI applications.

  • Marketing & Sales place the greatest importance on cloud BI in 2019. Business Intelligence Competency Centers (BICC) and IT departments have an above-average interest in cloud BI as well, with their combined critical and very important scores being over 50%. Dresner’s research team found that Operations had the greatest duality of scores, with critical and not important being reported at comparable levels for this functional area. Dresner’s analysis indicates Operations departments often rely on cloud BI to benchmark and improve existing processes while re-engineering legacy process areas.

  • Small organizations of 100 employees or less are the most enthusiastic, perennial adopters and supporters of cloud BI. As has been the case in previous years’ studies, small organizations are leading all others in adopting cloud BI systems and platforms.  Perceived importance declines only slightly in mid-sized organizations (101-1,000 employees) and some large organizations (1,001-5,000 employees), where minimum scores of important offset declines in critical.

  • The retail/wholesale industry considers cloud BI the most important, followed by technology and advertising industries. Organizations competing in the retail/wholesale industry see the greatest value in adopting cloud BI to gain insights into improving their customer experiences and streamlining supply chains. Technology and advertising industries are industries that also see cloud BI as very important to their operations. Just over 30% of respondents in the education industry see cloud BI as very important.

  • R&D departments are the most prolific users of cloud BI systems today, followed by Marketing & Sales. The study highlights that R&D leading all other departments in existing cloud BI use reflects broader potential use cases being evaluated in 2019. Marketing & Sales is the next most prolific department using cloud BI systems.

  • Finance leads all others in their adoption of private cloud BI platforms, rivaling IT in their lack of adoption for public clouds. R&D departments are the next most likely to be relying on private clouds currently. Marketing and Sales are the most likely to take a balanced approach to private and public cloud adoption, equally adopting private and public cloud BI.

  • Advanced visualization, support for ad-hoc queries, personalized dashboards, and data integration/data quality tools/ETL tools are the four most popular cloud BI requirements in 2019. Dresner’s research team found the lowest-ranked cloud BI feature priorities in 2019 are social media analysis, complex event processing, big data, text analytics, and natural language analytics. This years’ analysis of most and least popular cloud BI requirements closely mirror traditional BI feature requirements.

  • Marketing and Sales have the greatest interest in several of the most-required features including personalized dashboards, data discovery, data catalog, collaborative support, and natural language analytics. Marketing & Sales also have the highest level of interest in the ability to write to transactional applications. R&D leads interest in ad-hoc query, big data, text analytics, and social media analytics.

  • The Retail/Wholesale industry leads interest in several features including ad-hoc query, dashboards, data integration, data discovery, production reporting, search interface, data catalog, and ability to write to transactional systems. Technology organizations give the highest score to advanced visualization and end-user self-service. Healthcare respondents prioritize data mining, end-user data blending, and location analytics, the latter likely for asset tracking purposes. In-memory support scores highest with Financial Services respondent organizations.

  • Marketing & Sales rely on a broader base of third party data connectors to get greater value from their cloud BI systems than their peers. The greater the scale, scope and depth of third-party connectors and integrations, the more valuable marketing and sales data becomes. Relying on connectors for greater insights into sales productivity & performance, social media, online marketing, online data storage, and simple productivity improvements are common in Marketing & Sales. Finance requiring integration to Salesforce reflects the CRM applications’ success transcending customer relationships into advanced accounting and financial reporting.

  • Subscription models are now the most preferred licensing strategy for cloud BI and have progressed over the last several years due to lower risk, lower entry costs, and lower carrying costs. Dresner’s research team found that subscription license and free trial (including trial and buy, which may also lead to subscription) are the two most preferred licensing strategies by cloud BI customers in 2019. Dresner Advisory Services predicts new engagements will be earned using subscription models, which is now seen as, at a minimum, important to approximately 90% of the base of respondents.

  • 60% of organizations adopting cloud BI rank Amazon Web Services first, and 85% rank AWS first or second. 43% choose Microsoft Azure first and 69% pick Azure first or second. Google Cloud closely trails Azure as the first choice among users but trails more widely after that. IBM Bluemix is the first choice of 12% of organizations responding in 2019.

10 Charts That Will Change Your Perspective Of Amazon Prime’s Growth

    • 70% of Americans with incomes of $150,000 or more who shop online have Amazon Prime memberships.
    • Amazon Prime international customers will grow at a 56% compound annual growth rate (CAGR) between 2016 to 2018.
    • Amazon shipped more than 5 billion items in 2017 with Prime worldwide.
    • By 2022 there will be 56 million Amazon Prime Video subscribers in the U.S., and 122 million worldwide.

Net Sales at Amazon reached $177.9B in 2017, a 31% increase from $136B in 2016 and Net Income increased from $2.4B in 2016 to $3B in 2017. Their fourth quarter, 2017 financial results are available here. Their latest financial results also reflect how increasing operating expenses are squeezing margins as the company builds out their fulfillment network in international markets, technology, content, and marketing efforts.

Amazon Prime is an annual membership program that includes unlimited free shipping of over 100 million items, access to unlimited instant streaming of thousands of movies and TV episodes, Alexa voice shopping, unlimited free access to thousands of Kindle books and content. Amazon Prime also includes free same day delivery on selected products, in addition to planned services Amazon is fine-tuning for launch later this year.

Revenue for online subscriptions to services like its Amazon Prime membership, Audible, Prime Video, and Prime Music Unlimited was up 49% year over year, handily outpacing the 20% year-over-year revenue growth from its online store segment. In January 2018 Amazon raised the price for Prime membership $2 to $12.99 for customers making monthly payments, totaling $156 per year. Amazon chose to leave the Prime membership price at $99 for those customers choosing to make one annual payment. Investment firm Cowen & Company estimates the $2 price increase to Prime subscribers who pay monthly will generate an additional $300M in revenue.

The following ten charts provide insights into Amazon Primes’ explosive growth:

  • 51% of U.S. households will be Amazon Prime subscribers in 2018, up from 45% in 2017 with Prime subscribers spending up to 4.6X more than non-prime customers. Morgan Stanley estimates that the average Amazon Prime customer spent $2,486 over the last twelve months compared to $544 for non-Prime Amazon customers. Source: Amazon Disruption Symposium Where so Far? Where to Next? Who is Safe?, Morgan Stanley, September 18, 2017. (PDF, 88 pp., no opt-in).

  • There are an estimated 90 million paying Amazon Prime subscribers in the United States today according to Consumer Intelligence Research Partners and Statista. Amazon was able to grow Prime memberships from 63 million in June 2016 to 90 million in September of last year. From just 25 million members in December 2013 to 90 million in September of last year, Amazon has been able to attain a 29.2% CAGR of subscribers over the last five years. Statista found that Amazon Prime members spend an average of $1,300 per year compared to non-Prime members who spend $700 annually. Source: Statista.   

  • 70% of Americans with incomes of $150,000 or more who shop online have Amazon Prime memberships. Alexa, Echo, Dash, IoT, Smart Home and Prime Now delivery services are predicated on attracting and retaining Prime customers who have higher disposable incomes and are willing to pay for convenience. Amazon realizes the most profitable Prime customers they have are facing a continual time shortage due to demanding jobs and travel schedules. The Prime services roadmap continues to reflect convenience and speed to serve high-income families, many of which have two wage earners, where time is at a premium. Source: Statista.

  • 46% of Amazon Prime subscribers buy something online using the benefits of their subscription at least once a week. In contrast, only 13% of non-Prime Amazon shoppers make weekly purchases. Amazon’s proliferation of services helps to keep Prime customers coming back. Combining a broad services portfolio and real-time convenience on a trusted platform, Amazon has found a way to become indispensable to customers who have high disposable incomes and little extra time. Source: Nearly Half of US Households Are Now Amazon Prime Subscribers, eMarketer Retail. January 30, 2018.

  • Amazon Prime international customers will grow at a 56% compound annual growth rate (CAGR) between 2016 to 2018, growing over two times as fast as the S. Prime customer base while expectations of shorter delivery times increase. Morgan Stanley estimates there will be 62 million U.S.-based Amazon Prime customers by the end of 2018, growing from an estimated 54 million in 2017. International Prime subscribers are projected to grow from 18 million in 2018 to 45 million in 2018. Source: Amazon Disruption Symposium Where so Far? Where to Next? Who is Safe?, Morgan Stanley, September 18, 2017. (PDF, 88 pp., no opt-in).

  • By 2022 there will be 56 million Amazon Prime Video subscribers alone in the U.S., and 122 million worldwide. Within four years it’s projected that Amazon Prime Video will grow its customer base globally to 122 million subscribers, with 45.9% from the U.S. alone. Amazon’s Source: Statista.

  • Amazon Prime Video is the primary growth catalyst for Amazon to gain new subscribers in Japan, Germany, and the UK. Amazon Prime membership jumped 16% in Japan in just three months following the launch of Prime Instant Video. Prime subscriber rates increased in the UK and Germany with the introduction of Prime Instant Video. Source: Amazon Disruption Symposium Where so Far? Where to Next? Who is Safe?, Morgan Stanley, September 18, 2017. (PDF, 88 pp., no opt-in).

  • 63% of Amazon online shopping users are also subscribers to Amazon Prime today. Gaining new Prime subscribers from existing online users have started to slow down compared to other areas of Amazon Prime growing at double-digit growth rates. Amazon’s strategy of broadening the base of services and devices including Alexa to attract new subscribers shows signs of working according to their latest financial results. Source: Statista.

  • Amazon Prime has 3.4 times the number of customers acquired Whole Foods Market has and is changing the pricing and profitability of food retailing now. Amazon is actively re-ordering the food retailing landscape by capitalizing on the scale of their operations in the supply chain, logistics and fulfillment operations. Morgan Stanley found that the primary reason customers aren’t shopping at Whole Foods Markets is the perception of lower prices elsewhere. Amazon’s selective reduction of prices at Whole Foods Markets is margin-driven today. Source: Amazon Disruption Symposium Where so Far? Where to Next? Who is Safe?, Morgan Stanley, September 18, 2017. (PDF, 88 pp., no opt-in).

  • Amazon is combining Prime Now 1 to 2-hour deliveries and Whole Foods Market local inventory to fuel and scale a profitable grocery delivery business. One of the most attractive benefits of Prime membership is the flexibility of ordering products for 1 to 2-hour By increasing the variety of products deliverable by the Prime Now service, Amazon is scaling its home delivery business profitably. Source: Amazon Disruption Symposium Where so Far? Where to Next? Who is Safe?, Morgan Stanley, September 18, 2017. (PDF, 88 pp., no opt-in).

Data Sources on Amazon Prime and their latest reported financial results:

Amazon Disruption Symposium Where so Far? Where to Next? Who is Safe?, Morgan Stanley, September 18, 2017. (PDF, 88 pp., no opt-in)

Amazon has around 80 million reasons to be excited for Prime Day, Business Insider. July 10, 2017

Amazon hikes the price of Prime monthly memberships by 18%, CNN, January 19, 2018

Amazon nipping at Netflix’s heels, IHS Markit, January 16, 2018

Amazon Prime Had A Ridiculously Good 2017, Slash Gear January 2, 2018

Amazon Prime had its best year of sign-ups ever, Quartz, Alison Griswold.

Amazon Prime Hits 90 Million US Members, Consumer Intelligence Research Partners, October 18, 2017 (PDF, 22 pp., no opt-in)

Amazon Prime’s Monthly Price Hike Will Generate $300 Million a Year, Bloomberg & Company, January 22, 2018

Don’t Overlook These Metrics From Amazon.com, Inc.’s Fourth Quarter, NASDAQ. February 10, 2018

For the wealthiest Americans, Amazon Prime has become the norm, Recode, June 8, 2017

Here’s How Much Amazon Prime Customers Spend Per Year, Fortune, October 18, 2017

Nearly Half of US Households Are Now Amazon Prime Subscribers, eMarketer Retail, January 30, 2018

Number of Amazon Prime Video subscribers worldwide in selected countries in 2022 (in millions), Statista, 2018.

Pros and Cons of Amazon Prime, Consumer Reports, February 22, 2018

Sixty-Four Percent Of U.S. Households Have Amazon Prime, Forbes, June 17, 2017

Why Amazon Bought Whole Foods, The Atlantic, June 16, 2017

%d bloggers like this: