Today at AWS re:Invent, Amazon Web Services, Inc. (AWS), an Amazon.com company, announced that customers can now use AWS PrivateLink to access third-party SaaS applications from their Virtual Private Cloud (VPC) without exposing their VPC to the public Internet. Customers can also use AWS PrivateLink to connect services across different accounts and VPCs within their own organizations, significantly simplifying their internal network architecture.
Since the introduction of Amazon VPC in 2009, AWS customers have been able to define and control private, secure networks without having to invest in and manage a VPN infrastructure. The vast majority of Amazon EC2 instances now run in Amazon VPCs, and many customers rely on the ability to limit access to their VPC from the Internet as a critical component of their security. However, this presents a challenge when using third-party SaaS applications, as customers often have to make a choice between allowing Internet access from their VPC in order to access these SaaS applications, or not using them at all. With AWS PrivateLink, customers can now connect their VPCs to third-party services in a secure and scalable manner. Earlier this month, AWS introduced the ability for customers to access AWS services over AWS PrivateLink. Now, AWS has extended AWS PrivateLink to support non-AWS services so that customers no longer have to choose between using a third-party SaaS offering or exposing their critical data to the Internet. Traffic between a customer’s VPC and a AWS PrivateLink-powered service stays within the AWS network and doesn't traverse the Internet, reducing threat vectors such as “brute force” and distributed-denial-of-service (DDoS) attacks. Services supported on AWS PrivateLink are delivered using private IP connectivity and security groups, and function like services that are hosted directly on a customer’s private network.
“We have seen a growing desire from our enterprise customers to move from traditional on-premises applications to SaaS offerings hosted in the cloud. However, we have also heard that adoption of many SaaS offerings is limited by customers’ desire not to expose their data to the Internet. With AWS PrivateLink, customers now have a way to access third-party services over their dedicated AWS network,” said Matt Garman, Vice President, Compute Services, AWS. “With AWS PrivateLink, it has never been easier or more secure for our customers to use SaaS applications within their AWS environment.”
When customers use AWS PrivateLink to connect to SaaS applications like Twilio or Snowflake, their exposure to common security threats is significantly reduced. "At Twilio, we care about the security of our customers. As part of our Twilio Interconnect offering, AWS PrivateLink will provide another option for our customers, whether they are running on AWS or on-premises, to establish secure and private connections directly to the Twilio cloud,” said Richard Seiersen, CISO and VP of Trust, Twilio. “AWS PrivateLink complements the investments we have made to meet the security and compliance needs of our customers.”
“Snowflake continues to drive innovation by offering fast, affordable and secure data warehouse solutions," said Matt Glickman, Vice President of Product Management, Snowflake. "One of the key concerns our enterprise customers have is how to securely transmit data in the cloud. By embracing AWS PrivateLink, Snowflake can now offer customers an end-to-end solution to securely access their data without ever having to go over the public Internet."
Combining the developer experience coders love with the trust and infrastructure services big companies need, Heroku is the leading platform for building transformative enterprise apps, fast. "Customers are increasingly building applications that span both Heroku and existing AWS resources - all while leveraging AWS to extend Salesforce deployments," said Adam Gross, SVP of Heroku at Salesforce. “AWS PrivateLink is a secure new way for joint Salesforce and AWS users to harness customer data and build applications with speed and speed.”
Using AWS Marketplace, customers can easily discover SaaS products that support AWS PrivateLink. AWS Marketplace features a wide range of AWS PrivateLink-enabled products, many of which are available today with many more coming soon. Sellers that will be supporting AWS PrivateLink include Aqua Security, CA Technologies, Cisco Stealthwatch Cloud, Dynatrace, and SigOpt.
SigOpt is a SaaS optimization platform that amplifies research by taking customers’ research pipeline and tuning it, right in place, from machine learning and data science to manufacturing and process engineering. “Last month, we announced the availability of SigOpt on AWS,” said Scott Clark, Co-founder and CEO, SigOpt. “Today, we are doubling down on our collaboration with AWS through AWS PrivateLink. With AWS PrivateLink, customers can now use SigOpt from a custom, secure endpoint within their Amazon VPCs. This allows SigOpt to function as if the service were available in customers’ own networks, while maintaining all of the benefits that make our SaaS solution so great.”
AWS PrivateLink will make it easier for customers like Autodesk to manage their growing network as a series of smaller and interconnected VPCs. “At Autodesk, we have hundreds of developer teams using their own accounts and VPCs for building products and services,” said Reeny Sondhi, Chief of Product Security, Autodesk. “AWS PrivateLink will give our developers an easy, secure, and scalable way to enable private connectivity for shared services and microservices across different accounts and VPCs. We are excited to use a solution that will deliver higher agility in product development and improved security posture at the same time.”