Businesses trend to build generative AI applications on AWS

At an online ASEAN security briefing held on July 3, Kimberly Dickson, senior worldwide security specialist at AWS, said that the company had made key announcements about its products and solutions at AWS re:inforce, held on June 10-12 in Philadelphia, showcasing the company’s commitment to ensuring that customers can build generative AI and AI applications on top of AWS.

Kimberly Dickson, senior worldwide security specialist at AWS

“Generative AI requires a defence-in-depth approach. Generative AI is incredibly powerful and is transforming how we do business and innovate. Customers choose AWS because it provides the tools to run their AI workloads in a secure, private, and safe manner,” she added.

“The addition of these features to our services highlights three key points. Firstly, AWS is the most secure cloud platform. Secondly, customers increasingly choose AWS to build their generative AI applications because of our commitment to security. Lastly, customers are improving their security outcomes and building innovative generative AI applications on AWS,” she elaborated.

She cited some examples of how customers use AWS to build a defence-in-depth strategy. They include companies in Singapore, Thailand, and Vietnam. Specifically, Synapxe, Singapore’s national health tech agency, has a HealthX Innovation Sandbox that lets public healthcare entities experiment and demonstrate healthcare innovations in a cost-effective, secure, and simulated production environment on the Healthcare Commercial Cloud built on AWS.

Synapxe also collaborates with AWS on AI and data applications that enable healthcare providers to leverage data analytics and AI across healthcare systems. The sandbox leverages Amazon Bedrock, a service that allows customers to build and scale generative AI applications with foundational models.

To secure the sandbox and the healthcare data within it, Synapxe leverages AWS security services and tools such as AWS Shield Advanced, a managed DDoS protection service, and AWS Web Application Firewall, which protects web applications from common exploits like SQL injections.

Elsewhere, Arcanic.ai is a Vietnamese company developing a culturally aware all-in-one AI platform for Vietnamese businesses, fine-tuning their large language models using Amazon SageMaker.

Meanwhile, Temus Singapore is a company that provides digital transformation solutions for both the private and public sectors. Temus leverages Amazon CodeWhisperer, an AI coding assistant, to provide recommendations to improve quality and security. This increased developer productivity by 35 per cent while improving code quality and leveraging built-in security scans for maintainability across all services.

“These customers are building their generative AI applications on AWS because they understand our three-layered approach to modern application security. AWS integrates three layers in our generative AI tech stack. Starting from the bottom layer, we provide secure physical hardware for building and training large language models and foundational models. One essential component is our Nitro system, which continuously monitors, protects, and verifies the instance hardware, including those running our generative AI services. In the middle layer, we offer tools to help build generative AI models, such as Amazon Bedrock. To safeguard against model abuse, we developed Amazon Bedrock Guardrails to filter out harmful content. At the top layer, we have applications that leverage large language models and foundational models,” Dickson explained.

At the briefing, talking to VIR about which sectors and industries are being most vulnerable to security threats, Dickson said, “When it comes to security threats, no industry or sector is inherently more vulnerable than another. AWS democratises access to security tooling so that both startups and large enterprises have the same security capabilities. The key is building a defence-in-depth strategy. AWS constantly reduces the cost of security services, like Amazon Macie, which has reduced its spending by 80 per cent since launch. This means that regardless of industry or sector, leveraging these tools and building multi-layered security configurations can ensure security.”

“For case studies in Vietnam like Arcanic.ai, this example highlights how AWS's security tools and best practices are being utilised in Vietnam to develop and secure generative AI applications,” she noted.

AWS re:inforce 2024

At re:Inforce 2024, AWS made key announcements and launches designed to help customers build strong and secure foundations on AWS. First, Amazon GuardDuty now supports malware protection for Amazon S3. Customers often upload vast amounts of data to Amazon S3, their object storage service. With this growing volume of data at a global scale, it is highly important for customers to be able to automatically detect potential malware in newly uploaded objects to Amazon S3 without building complex data scanning pipelines. GuardDuty uses industry-leading third-party malware scanning engines directly within the service, providing robust threat detection.

Next, in identity and access management, AWS IAM now supports passkeys for multifactor authentication (MFA). AWS is enhancing security by enforcing MFA on all root account users of management accounts in AWS Organisations starting in July. This ensures that users verify their identity with more than just a username and password.

Another upgrade in IAM is to AWS IAM Access Analyzer, which helps customers achieve least privilege and refine their permissions. It has introduced recommendations to review and remove unused access keys, passwords, and roles, reducing the attack surface. Additionally, AWS has released custom policy checks, enabling customers to ensure their IAM policies adhere to security standards. This helps prevent the deployment of overly permissive policies, enhancing security across their AWS environment.

Third, AWS CloudTrail Lake, which now supports natural language query generation, is a managed data lake for all AWS API activity logs, including logs for users, services, and machines. AWS has announced in the preview that CloudTrail Lake now supports natural language query generation. For example, customers no longer need to write complex SQL queries to analyse the data within CloudTrail Lake. Using natural language, customers can ask CloudTrail Lake questions like "Tell me how many database instances were created without encryption turned on", or "How many users logged into the AWS console yesterday". CloudTrail Lake will interpret these questions and generate the appropriate queries for customers to use in their data lake.

Lastly, AWS Audit Manager has released an updated AI best practices framework for Amazon SageMaker. AWS Audit Manager is a service that helps customers with compliance, reporting, and preparation of evidence for IT audits. With these best practices framework for generative AI, customers can collect evidence to gain visibility on whether their generative AI workloads comply with controls around governance, data security, privacy management, and business continuity.

AWS announces general availability of Amazon Q Amazon Web Services, Inc. (AWS), an Amazon.com, Inc. company (NASDAQ: AMZN), has announced the general availability of Amazon Q, the most capable generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.

PVcomBank builds success on AWS cloud PVcomBank, one of the fastest growing banks in Vietnam, is building a platform on AWS to deploy advanced technologies to promote innovation, enhance customer satisfaction, and increase operational efficiency. Trinh Vinh Hien, deputy IT director at PVcomBank, and Eric Yeo, country manager at AWS Vietnam, spoke with VIR’s Bich Thuy about the partnership and moving forward.

VIB first bank in Vietnam to deploy AWS Skill Builder to enhance cloud computing capabilities Vietnam International Bank (VIB) has announced it has integrated Amazon Web Services (AWS) Skill Builder, an online learning centre designed to provide role-based training and learning plans for workers to build in-demand cloud skills, into its cloud computing training programme.