Last updated July 21, 2023
Amazon Web Services Inc.’s (AWS) re: Inforce kicked off last week in Anaheim. AWS re: Inforce provides valuable networking and educational opportunities for cybersecurity specialists. Hot topics covered at this year’s event include:
- New services from AWS
- The current state of cloud security
- Renewed focus on security awareness training
- and more!
As more and more businesses migrate to the cloud, AWS in particular, security is pushed to the forefront as a key differentiator. SMB and enterprise business leaders need to feel confident, safe, and secure in their cloud environments. Below, we’ll share our key takeaways from this year’s event.
New AWS Services
The annual cloud security conference kicked off last week with a keynote from CS Moses, AWS CISO and VP of Security Engineering, and Becky Weiss, AWS Senior Principal Engineer. Together, they announced the launch of Amazon CodeGuru Security, Amazon Verified Access, Amazon Verified Permissions, and expanded on the recently announced AWS Security Lake.
Amazon Code Guru Security is a static application security testing (SAST) tool that combines machine learning (ML) and automated reasoning to:
- Identify vulnerabilities in your code
- Recommendations on how to fix any identified vulnerabilities
- Track the status of the vulnerabilities until closure
CodeGuru Security uses ML and automated reasoning to precisely identify code vulnerabilities. This new offering is trained on decades of knowledge and experience. CodeGuru Security also borrows from AWS security best practices and training on millions of code vulnerability assessments within Amazon. CodeGuru Security can then identify code vulnerabilities with a very low false-positive rate.
Amazon Verified Access provides access to corporate applications without a VPN. Built on Zero Trust guiding principles, AWS Verified Access validates every application request before granting access. Verified Access removes the need for a VPN. This simplifies the remote connectivity experience for end users and reduces the management complexity for IT administrators.
Amazon Verified Permission is a scalable permissions management and fine-grained authorization service for the applications that you build. Using Cedar, an expressive and analyzable open-source policy language, developers and admins can define policy-based access controls using roles and attributes for more granular, context-aware access control.
Amazon Security Lake provides broad visibility to investigate and respond to security events. This is accomplished by centralizing security data from AWS environments, SaaS providers, on-premises, and cloud sources into a purpose-built data lake stored in your AWS account.
The State of Cloud Security
In 2023, security is at the forefront of everyone’s mind. Last year, ransomware attacks increased by 80% year-over-year. With this continued rise in ransomware activity, cloud ransomware has become an increasingly examined topic. This, coupled with the need for business transformation, will continue to fuel a high rate of cloud adoption.
Gartner predicts public cloud spending will grow from $494.7B in 2022 to nearly $600B in 2023. As more and more business leaders embrace the benefits of cloud and migrate their data, they also must ensure they have the necessary protections and support.
Emerging trends in response to security and ransomware concerns include the rising use of Artificial Intelligence (AI) and Machine Learning (ML) in cloud security as well as an expansion of the Zero Trust security model.
Read our article: Cloud Security Trends and Challenges
Security Awareness Training
The importance of security awareness training was one of the primary themes that emerged from this year’s event. According to Forbes event coverage, AWS re: Inforce 2023 emphasized the concept of ‘Security Culture’ where every team member, irrespective of their role, is a crucial part of the organization’s defense mechanism.
Engaging and effective security awareness programs, designed to make every employee a security advocate, represent a crucial line of defense against increasingly sophisticated cyber threats. Better security awareness is a significant shift towards proactive defense, underscoring the necessity to embed security in the fabric of an organization’s culture. Security awareness training is not merely valuable; it’s indispensable for a stronger, more effective cybersecurity strategy.
Read more highlights from this year’s AWS re: Inforce on the AWS Security Blog.
Connectria Support for Cloud
Cloud managed service providers can be great partners to help improve visibility in your cloud environments. Therefore, one of the benefits of leveraging managed services is additional knowledge of security and regulations. Ultimately, managed service providers provide peace of mind that your cloud resources are protected from malicious activities.
Contact us today to be connected with one of our security experts who can answer your questions and address your cloud security concerns.