| By Ivaylo Vrabchev, Head of Professional Services at HeleCloud |
Tuesday saw another exciting day at AWS re:Invent 2020, apart from the Machine Learning keynote, there were plenty of interesting sessions. A leadership session on the schedule caught my eye; Stephen Schmidt, AWS CISO presenting “Where we’ve been, where we’re going”. I wanted to know where we are going.
Stephen started his session by highlighting all the security improvements announced throughout 2020, chief among them below:
- AWS Firewall Manager support for AWS WAF and AWS Managed Rules
- AWS IAM Access Analyzer integration with AWS Organization
- AWS Nitro Enclaves
- Amazon Macie cost reduction by over 80%
- Amazon GuardDuty threat detection from S3
AWS Audit Manager
One of the biggest challenges that demands a great deal of manual effort is keeping all records up to date for the day the security auditor requires evidence. As always, AWS has been listening to its customers and working on resolutions to their challenges. Hence, Stephen announced AWS Audit Manager, a new service to help you continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards. AWS Audit Manager will provide an automated way of collecting evidence for controls that are in place for the main domains – people, processes and technology. It simplifies the review process during an audit and provides audit-ready reports. AWS Audit Manager is now available with the following prebuilt security and compliance frameworks:
- CIS AWS Foundations Benchmark
- General Data Protection Regulation (GDPR)
- Payment Card Industry Data Security Standard (PCI DSS)
AWS Cloud Audit Academy
AWS Cloud Audit Academy (CAA) announced on 1st December and reiterated in Stephens presentation, is a Security Auditing Learning Path designed for those in auditing, risk, and compliance roles, and involved in assessing regulated workloads in the Cloud.
This subject of Audit can present a conflict for capable specialists; engineering teams want to take advantage of innovation capabilities provided by AWS, whilst security and risk teams are uncertain how AWS can help them meet their compliance requirements through audits. In short, AWS CAA introduces a huge and exciting opportunity to support companies moving their regulated workloads to AWS.
Stephen also shared his vision and principles for “Zero Trust” and how to increase your security posture. The key takeaways:
- Avoid binary choice and focus on use cases (use both identity-centric and network-centric security controls)
- Authorise specific flows between components
- Build friction-free access to internal apps
- Deliver a security model that works when the entire workload often exists outside of the traditional network
‘Where we’ve been and where we’re going’ summarised
Stephen re-shared last year’s re:Invent top ten priority areas for 2020, and now outline’s the new ten focus areas for 2021. The table below presents a comparison, and the focal point for organisations aiming to increase their security posture in AWS.
HeleCloud regularly encourage and help its customers implement these recommendations. Some of the recommendations for 2021 are already incorporated into the HeleCloud Landing Zone solution through automated process, detective and preventative controls. Others are part of the Managed Service System that helps HeleCloud’s team to provide 24/7 operation service to our customers, while following the highest industry security practices to the maximum possible extent.
To discuss any of the topics raised here, or your security posture, contact us.
AWS Cloud Audit Academy