Every year AWS hosts its signature security conference, re:Inforce. Below are the key highlights of this year's keynote by AWS CISO CJ Moses.
- AWS invests deeply in security to protect customers and ensure AWS security.
- AWS follows the Security Shared Responsibility model, where customers have responsibilities in architecting and implementing their use of AWS security services.
- Security is about people and culture, and understanding human psychology is essential for a successful AWS security strategy.
- AWS has developed security products based on learnings from working with the FBI’s Behavioral Sciences Unit, enhancing AWS security measures.
- AWS has developed its own virtualization technology called AWS Nitro System for enhanced security and performance in AWS.
- AWS Nitro System ensures that AWS operators don’t have access to customer data, providing an extra layer of AWS security.
- Firecracker is an open-source virtualization technology developed by AWS for secure multitenant container and function-based services, enhancing AWS security for container workloads.
- AWS has a rigorous application security review process and performs over 7500 App-Sec reviews annually, ensuring robust AWS security.
- AWS supports over 140 security standards and compliance certifications, demonstrating its commitment to AWS security and compliance.
- AWS gathers security intelligence at scale and in real-time to enhance defense mechanisms and provide comprehensive services and guidance to customers, ensuring robust AWS security measures.
- Regardless of the scale of your cloud environment or the number of AWS accounts and users, AWS focuses on ensuring that your data and resources remain accessible to your organization only, providing secure AWS services.
- AWS has invested in two key concepts for data perimeter security: AWS Organization and Amazon Virtual Private Cloud (VPC), enhancing AWS security for data protection.
- AWS customers use service control policies (SCPs) in AWS Organizations to enforce organization-wide rules, such as preventing data from being written to AWS resources outside the organization, strengthening AWS security controls.
- The recently launched AWS Management Console Private Access allows organizations to restrict console access to their own network, ensuring that users who interactively sign in do so on behalf of the organization, enhancing AWS security for console access.
- Amazon GuardDuty, a threat detection service, now offers detection for Amazon Aurora databases, runtime monitoring for Amazon EKS clusters, and support for AWS Lambda functions, enhancing AWS security for threat detection and monitoring.
- AWS introduces code scans for Lambda functions with Amazon Inspector, allowing for the detection of security vulnerabilities in code and providing actionable findings and remediation guidance, enhancing AWS security for code integrity.
- Amazon Inspector now enables the export of Software Bills of Materials (SBOMs) in open standard formats, aiding in managing and analysing software dependencies in deployable artifacts, and enhancing AWS security for software management and analysis.
- Delta Air Lines shares its security practices, including fostering a security-aware culture, partnering with AWS for secure cloud development, and embedding security values into its culture and values, showcasing AWS security practices and collaboration.
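The data perimeter bullets above mention SCPs that keep data from being written to AWS resources outside the organization. As an added example that is not from the keynote or from AWS's own published policy sets, the SCP below denies S3 write actions whenever the target bucket does not belong to the same AWS Organization as the calling principal. It relies on the global condition keys `aws:ResourceOrgID` and `aws:PrincipalOrgID`; the `IfExists` variant lets requests proceed when the resource carries no organization ID (for example, S3 buckets in accounts that are not part of any organization would still be blocked, but actions where the key is not applicable are not accidentally denied). The statement ID and the action list are assumptions chosen for this illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyS3WritesOutsideMyOrganization",
      "Effect": "Deny",
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:CopyObject",
        "s3:CreateMultipartUpload",
        "s3:UploadPart",
        "s3:CompleteMultipartUpload"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEqualsIfExists": {
          "aws:ResourceOrgID": "${aws:PrincipalOrgID}"
        }
      }
    }
  ]
}
```

SCPs set permission boundaries for every principal in the accounts they are attached to, including the root user, but they do not grant permissions on their own. Attach the policy to an organizational unit first, then verify the control by attempting an `s3:PutObject` from a test account to a bucket in an unrelated account and confirming the `AccessDenied` result in CloudTrail. Because `Resource` is `"*"`, the deny applies to every bucket; scope it down with an explicit resource list or a `NotResource` exception if some cross-organization destinations (for example, a partner's vetted drop bucket) are legitimate.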