Zero-trust security requires that users and systems prove their identities and trustworthiness.

Amazon Web Services Inc. takes this concept a step further by embracing the idea that access to data should not be solely made based on network location.

“It is not a binary choice of being … identity centric or network centric,” said Madhu Balaji (pictured), senior solutions architect at AWS. “You want to bring in both together and see it as a holistic implementation. What we want to explain to customers is zero trust is not an end goal in the sense that it’s not a tool or product which you just buy and implement. It’s like a journey … you need to implement those core principles and then implement step by step.”

Balaji spoke with theCUBE industry analysts Dave Vellante and Lisa Martin at the Fal.Con event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how AWS has built zero-trust principles into its core security offerings. (* Disclosure below.)

Application validation

AWS has implemented many of its core zero-trust principles through a solution that was made generally available earlier this year called Verified Access. The AWS offering validates every application request before granting access.

“Verified Access is basically built on zero-trust principles,” Balaji said. “It simplifies the user experience and also operations. If you need access to a specific application, only then you get access or there’s no access to you. That’s the best practice … that’s step one for anybody.”

The explosion of generative AI for enterprise use cases has led to concern around the privacy of company data in large language model training. It is a concern for customers of major cloud providers, such as AWS, raising questions around safeguarding data that is stored in remote cloud environments.

“There are so many concerns from customers,” Balaji said. “We have checks and implementations set up in such a way that the customer data resides in the customer account itself. We don’t have access to that, only the customer will have access.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Fal.Con event:

(* Disclosure: Amazon Web Services Inc. sponsored this segment of theCUBE. Neither AWS nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE