Cybersecurity Insights from AWS re:Invent 2019

Time functions differently during the month of December. Before you know it, it will be 2020. Christmas is still 12 days away, but it feels like it’s coming insanely fast. AWS re:Invent ended a week ago, but it seems like it’s been forever. It also seems like a good time to look back and recap what we learned about cybersecurity on AWS.

AWS packs an overwhelming amount of information and announcements into just a few days. The number of sessions is mind boggling—spanning topics like Analytics, Architecture, Artificial Intelligence & Machine Learning, Containers, Databases, DevOps, IoT, Security Compliance & Identity, Storage and more. There were hundreds of sessions—if you count the repeat performances—just in the Security, Compliance & Identity category.

Thankfully, recordings of most sessions are now available from AWS. Whether you missed AWS re:Invent this year, or you attended but just couldn’t make it to every session you wanted attend, the information is available for you.

With so much content and great information shared, I won’t claim this is comprehensive, but here are a few of they takeaways from the perspective of cybersecurity and protecting workloads and data in an AWS cloud environment.

2020 Goals for Your Security Team

During one session, a list of goals for security teams in 2020 was shared:

  • Encrypt everywhere
  • Embed security in development
  • Know who can access what
  • Granular permissions
  • Automate, it’s great

The goals are broad, but definitely a good start. If you can focus on making progress across each of these goals in the coming year, you will definitely be better off.

This is particularly true when it comes to embedding security in development, automating cybersecurity, and having comprehensive visibility when it comes to identity and access management. As organizations go through digital transformation and embrace the cloud, their IT infrastructure will be more complex and more dynamic than a traditional data center and their cybersecurity strategy and tools need to have the agility and scalability to keep up.

AWS IAM Access Analyzer

One of the biggest announcements at AWS re:Invent 2019 from a cybersecurity perspective was the launch of the new AWS Identity and Access Management (IAM) Access Analyzer feature. Security incidents and data breaches in AWS are frequently a function of configuration errors—including allowing access that is too broad or shouldn’t be authorized at all.

AWS IAM Access Analyzer monitors resource policies in your AWS environment and generates findings when a new policy or policy change grants access to an external principal that hasn’t been designated as trusted. Alert Logic announced integration of our managed threat detection and response capabilities with the AWS IAM Access Analyzer feature to notify customers through the Alert Logic Console when an external shared resource must be verified.

Shared Security Responsibility Model

There were a ton of great sessions on virtually every aspect of cybersecurity at AWS re:Invent 2019. I recommend that you take a look at the session catalog and check out the topics that seem relevant for you.

As AWS and its partners roll out new security features it raises the bar and helps customers strengthen the security posture for their AWS environment. The most important thing for organizations to understand, though, is what they are responsible for and what the cloud provider—in this case AWS—will take care of. Alert Logic put together a free ebook to help customers understand the shared security responsibility model. Click here to download the free ebook and learn more about the AWS shared security responsibility model.

About the Author

Tony Bradley - Senior Manager of Content Marketing for Alert Logic

Tony Bradley

Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com. He has established a reputation for effective content marketing, and building and engaging a community and social media audience.

Connect | Email Me | More Posts by Tony Bradley