As digital compliance tasks and data sovereignty rules get ever more complicated, Amazon wants automation to help. Credit: gorodenkoff Amazon’s AWS Control Tower system, designed to let users more easily manage complicated cloud environments with multiple accounts and wide arrays of services, now has 65 new controls and rule sets aimed at managing digital sovereignty concerns. The new controls, which the company announced in a blog post on Monday during its week-long re:Invent conference, focus on allowing users to comply with complex regulatory and security requirements in a more programmatic way, adding features like the ability to mandate certain Nitro instance types for particular EC2 hosts, and implementing advanced key management strategies for broader encryption. Control Tower’s new features also allow for finer control over where, physically, an organization’s data can be stored or sent. Whereas before, the “Region” system could only be applied to a single landing zone — Control Tower’s dedicated “home” area for managing governance, risk and compliance (GRC) policy — users can now mark out regional controls for data based on individual organizational units and accounts globally. This, the company said, makes it easier to customize restrictions on the storage and movement of data. This week’s release is the latest step in Amazon’s work toward fulfilling the “AWS Digital Sovereignty Pledge” that it made a year ago — the company promised last November to offer the “most advanced set of sovereignty controls and features available in the cloud.” Its Nitro System hypervisor, which underlies its latest EC2 instances, is the centerpiece of these efforts, but other parts of the vast Amazon cloud empire have received updates as well. “We launched AWS Dedicated Local Zones, a piece of infrastructure that is fully managed by AWS and built for exclusive use by a customer or community and placed in a customer-specified location or data center,” the company’s blog post read. “And more recently, we announced the construction of a new independent sovereign Region in Europe.” The rapidity with which compliance and security requirements have grown and become more complicated is the underlying motive for Amazon’s data sovereignty initiative. Specific industries, like utilities, heavy industry, aerospace and healthcare, tend to have strict requirements for control of sensitive data, making it more difficult to take full advantage of cloud technology. Moreover, different jurisdictions, like the EU and US, have quickly evolving regulatory regimes that businesses must stay compliant with. “Many customers have told us they are concerned that they will have to choose between the full power of AWS and a feature-limited sovereign cloud solution that could hamper their ability to innovate, transform, and grow,” Amazon said. Related content news AT&T suffers critical breach impacting 73 million customers Data released on the dark web impacts 7.6 million existing account holders and 65.4 million past subscribers. By Shweta Sharma 01 Apr 2024 4 mins Data Breach feature Recruit for diversity: Practical ways to remove bias from the hiring process Changing the wording on job descriptions and introducing a diverse hiring panel are some of the ways to remove bias when hiring cybersecurity professionals. By Aimee Chanthadavong 01 Apr 2024 8 mins Careers feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff 01 Apr 2024 17 mins Technology Industry IT Skills Events news Top cybersecurity product news of the week New product and service announcements from Bedrock Security, GitGuardian, Legit Security, Nametag, and Cybereason and Observe By CSO staff 29 Mar 2024 70 mins Generative AI Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe