INSUBCONTINENT EXCLUSIVE:
The growth of cloud services — with on-demand access to IT services over the Internet — has become one of the biggest evolutions in
enterprise technology, but with it, so has the threat of security breaches and other cybercriminal activity
Now it appears that one of the leading companies in cloud services is looking for more ways to double down and fight the latter
Amazon AWS has been working on a range of new cryptographic and AI-based tools to help manage the security around cloud-based enterprise
services, and it currently has over 130 vacancies for engineers with cryptography skills to help build and run it all.
One significant part
of the work has been within a division of AWS called the Automated Reasoning Group, which focuses on identifying security issues and
developing new tools to fix them for AWS and its customers based on automated reasoning, a branch of artificial intelligence that covers
both computer science and mathematical logic and is aimed at helping computers automatically reason completely or nearly completely.
In
recent times, Amazon has registered two new trademarks, Quivela and SideTrail, both of which have connections to ARG.
Classified in its
patent application as &computer software for cryptographic protocol specification and verification,& Quivela also has a Github
repositorywithin AWS Labs& profile that describes it as aprototype tool for proving the security of cryptographic protocols,& developed by
the AWS Automated Reasoning Group.(The ARG also has as part of its mission to share code and ideas with the community.)
SideTrail is not on
Github, but Byron Cook, an academic who is the founder and director of the AWS Automated Reasoning Group, has co-authored a research paper
called &SideTrail: Verifying the Time Balancing of Cryptosystems.& However, the link to the paper, describing what this is about, is no
longer working.
The trademark application for SideTrail includes a long list of potential applications (as trademark applications often do)
The general idea is cryptography-based security services
Among them: &Computer software, namely, software for monitoring, identifying, tracking, logging, analyzing, verifying, and profiling the
health and security of cryptosystems; network encryption software; computer network security software,& &Providing access to hosted
operating systems and computer applications through the Internet,& and a smattering of consulting potential: &Consultation in the field of
cloud computing; research and development in the field of security and encryption for cryptosystems; research and development in the field
of software; research and development in the field of information technology; computer systems analysis.
Added to this, in July, a customer
of AWS started testing out two other new cryptographic toolsdeveloped by the ARG also for improving an organization cybersecurity
Tiros and Zelkova, as the two tools are called, are math-based techniques that variously evaluate access control schemes, security
configurations and feedback based on different setups to help troubleshoot and prove the effectiveness of security systems across storage
(S3) buckets.
Amazon has not trademarked Tiros and Zelkova
AZelkova trademark, for financial services, appears to be registered as an LLC called &Zelkova Acquisition& in Las Vegas, while there is no
active trademark listed for Tiros.
Amazon declined to respond to our questions about the trademarks
A selection of people we contacted associated with the projects did not respond to requests for comment.
More generally, cryptography is a
central part of how IT services are secured: Amazon Automated Reasoning Group has been around since 2014 working in this area
But Amazon appears to be doing more now both to ramp up the tools it produces and consider how it can be applied across the wider business
A quick look on open vacancies at the company shows that there are currently 132 openings at Amazon for people with cryptography
skills.
Cloud is the new computer, the Earth is the motherboard and data centers are the cards,& Cook said in a lecture he delivered
recently describing AWS and the work that the ARG is doing to help AWS grow.&The challenge is that as [AWS] scales it needs to be ever more
secure… How does AWS continue to scale quickly and securely
AWS has made a big bet on our community,& he continued, as one answer to that
That led to an expansion of the group activities in areas like formal verification and beyond, as a way of working with customers and
encouraging them to move more data to the cloud.
Amazon is also making some key acquisitions also to build up its cloud security footprint,
such as Sqrrl and Harvest.ai, two AI-based security startups whose founding teams both happen to have worked at the NSA.
Amazon AWS division
pulled in over $6 billion in revenues last quarterwith $1.6 billion in operating income, a healthy margin that underscores the shift that
businesses and other organizations are making to cloud-based services.
Security is an essential component of how that business will continue
to grow for Amazon and the wider industry: more trust in the infrastructure, and more proofs that cloud architectures can work better than
using and scaling the legacy systems that businesses use today, will bolster the business
And it also essential, given the rise of breaches and ever more sophisticated cyber crimes
Gartner estimates that cloud-based security services will be a $6.9 billion market this year, rising to nearly $9 billion by 2020.
Automated
tools that help human security specialists do their jobs better is an area that others like Microsoft are also eyeing up
Last year, it acquired Israeli security firm Hexadite, which offers remediation services to complement and bolster the work done by
enterprise security specialists.
