Why COVIDSafe chose AWS
The Australian federal government released the COVIDSafe app this week. It’s a contact tracing app designed to help find close contacts of COVID-19 cases. The app is intended to assist health officials to quickly contact people who may have been exposed to COVID-19. In Australia, use of the app is completely voluntary. However, it has stoked a significant debate on privacy concerns, spawning a number of urban myths at the same time.
Much has been made of the decision to use AWS to store the data. Some have questioned that choice. We are not surprised and here is why.
When the public Cloud first came an option, security was one of the first considerations. Concerns were raised that services were no longer dedicated and were by design easily exposed to the Internet. Surely, my applications and data are safer in my own data centre behind firewalls and networks that I manage?
Fast forward to 2020, and the needle has moved. A number of surveys, including this data from McAfee, say that 65% of organisations now believe that the public Cloud offers an at least equivalent or a more secure service than an on-premises solution.
According to Gartner, “Through 2020, public cloud infrastructure as a service (IaaS) workloads will suffer at least 60% fewer security incidents than those in traditional data centers.”.
What has driven that change in attitude?
A wider security team
By adopting the Cloud, you leverage the considerable investment in security that a global organisation can bring to the table. Most organisations can’t hire enough skilled and experienced resources to effectively monitor, protect and keep their technical environments up to date. The whole public Cloud business depends on ensuring that customers’ data remains secure. As such, the major Cloud providers, such as AWS, employ hundreds (or thousands) of developers and IT professionals focussing purely on security.
Democratising the technology
With the public Cloud, we gain access to technology solutions without significant upfront investment. Do you need a managed threat detection service for your compute, network and access and identity management? In AWS, turn on GuardDuty for the cost of a cheap lunch each month. How about encrypting all your storage by default? It’s free and has no performance impact.
In addition, you can take advantage of the high availability capability of the Cloud without having to build your own expensive multi data centre capability. You have many geographic regions to choose from. Each region has multiple availability zones. Multiple data centres underpin these zones. All the facilities are interconnected by secure high-speed networks. AWS fully manages these data centres, zones and regions. You get the advantage of some serious resilience to failure. Yet, you also get full control of your data. If you need to guarantee that it stays in the Sydney region, then you can configure that. The COVIDSafe app does exactly that. Its data remains in Australia.
Automation is your friend
In 2020, with an ever sophisticated threat landscape, you need to keep on top of the malicious actors. Timely response becomes critical. Automation is key to achieving that. Automation is the foundation of the AWS public Cloud. In fact, the entire ecosystem is designed for automation. At RedBear we make heavy use of it. Not only does it result in a faster response but it means we can reduce human error and use repeatable patterns.
Why did the Australian government choose AWS for the COVIDSafe app? The AWS Cloud has more security services that any other Cloud provider. At the time of writing, it has 28 individual security services. The app data is encrypted using government managed keys. As a result, AWS teams have no access to this data. Your data is guaranteed to stay in Australia, in the Sydney region. It’s simple the most complete and secure choice.
Not only is it more secure than a self hosted solution, but the app takes advantage of the scalable of the AWS environment. It can grow and shrink to meet demand.
You might be surprised to know that many government services have been running on AWS for several years!
What about the COVIDSafe app?
We haven’t performed an in-depth analysis of the application. We leave that to people who are more suited to that sort of investigation. Try the excellent analysis done by Vanessa Teague and colleagues.
Nevertheless, we wanted to bust a few myths.
- No, it doesn’t record your location information. The app has no access to GPS data and can’t be used to track where you have been;
- It only records interactions with other COVIDSafe apps on nearby devices;
- Only if you test positive to COVID-19 will your data be uploaded. Even then, the upload requires your permission;
- As already stated, your data will remain in Australia. It will be under the control of the Australia government, not AWS.
Overall, is it perfect? No. Are there major concerns that outweigh the benefits to all Australians? No.
The only choice
At RedBear, we would argue that in 2020, if you aren’t on the Cloud, you are already going backwards. Not only is it more secure, but it provides unparalleled scale, flexibility and opportunity.
If you care about the security of your data and your customer’s data, as the COVIDSafe app does, the AWS Cloud will take care of most of the heavy lifting. Of course, it’s a shared responsibility. AWS will manage the security of the Cloud and provide you with a broad range of services. It’s your responsibility to use them correctly and to ensure the security of your applications and their data.
Do it the right way
Maybe you have an application that you want to deliver securely? Alternatively, you might feel it is time to review the security posture of your current solution. If so, get in contact with us to have a chat about how we can help you do it the right way.
Finally, to all Australian’s out there, please install and use the app. It’s will help us all to safely ease the current restrictions whilst protecting the vulnerable in our community!