"Top Ten" Security Updates from AWS re:Invent 2019

This article represents my own viewpoints and not the views of my employer, Amazon Web Services.

(Update: Corrected #10 from Graviton1 to Graviton2.)

It's that time of year again. Time to catch up on all of the announcements from AWS re:Invent while reading various year-end Top Ten articles. Let's combine both! Here are my views on the "Top Ten" AWS Security, Identity and Compliance updates from AWS re:Invent 2019.

1) Amazon Detective - Makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.

2) AWS KMS Asymmetric Keys - Create, manage, and use public/private key pairs to protect your application data using the new APIs via the AWS SDK, for example for digital signing.

3) AWS Managed Rules for WAF - Multiple new features including rules managed by the AWS Threat Research Team, with new rules being added as additional threats are identified.

4) Simplify Access with IAM Attributes and Tags - Use your employees’ existing identity attributes (such as cost center and department) from your directory to implement attribute-based access control to AWS resources to simplify permissions management at scale.

5) IAM Access Analyzer - Generate comprehensive findings that identify resources that can be accessed from outside an AWS account, by evaluating resource policies using mathematical logic and inference to determine the possible access paths allowed by the policies.

6) AWS SSO with Azure AD - Enables enterprises that use Azure AD to leverage their existing identity store with AWS Single Sign-On, including automatic synchronization of user identities and groups.

7) Amazon S3 Access Points - Unique hostnames with dedicated access policies that describe how data can be accessed using that endpoint, which allows buckets to have multiple access points and each access point to have its own AWS IAM policy.

8) VPC Ingress Routing - Associate route tables with an internet gateway or virtual private gateway, and redirect Amazon VPC traffic through virtual appliances in your VPC.

9) AWS Nitro Enclaves - Create isolated compute environments to further protect and securely process highly sensitive data within Amazon EC2 instances, including cryptographic attestation for your software as well as integration with AWS KMS.

10) AWS EC2 Graviton2 Instance Memory Encryption - Run cloud native applications securely, and at scale, including always-on 256-bit DRAM encryption and 50% faster per core encryption performance.

What was your Top Ten?

James Croyle

Web3 Builder | C Suite | Strategic Partnerships | Explosive Growth Leader | ex Microsoft, Check Point, IBM

5 years ago

Thanks for sharing Phil, a multitude of announcements from re:Invent this year.

Ashok Khatiwada

Cyber Security | Team Builder | Strategy & Architecture | Program Management | Engineering & Operations | GRC | SABSA | CISM | CRISC | BE | ME

5 years ago
Darrell King

CEO @ PolarSeven

5 years ago

Thanks Phil Rodrigues great rundown

Kirill Elantsev

Boost team productivity globally through automated transcription and the AI magic touch while leading the enterprise growth on 5 continents | Collaboration | Gen AI | Google Cloud | Automation | LLM

5 years ago

Spot on!

Renato Maestrali Moraes

Information Security Consultant | Cloud Security | Information Security Architect | CISO | Information Security Manager

5 years ago

Juliano Carvalho Bueno
