After a two-year break, Amazon Web Services Inc.’s (AWS) re:Inforce returned to an in-person event in Boston last week. AWS re:Inforce provides valuable networking and educational opportunities for cybersecurity specialists. The current state of cloud security, ransomware mitigation, and security best practices were hot topics covered at the event.
As for many of us, it’s been two years too long since professionals and AWS leaders have been able to be together in person. However, the pandemic has also shown us the value of in-person events, networking, and learning opportunities. Below, we’ll share our key takeaways from this year’s AWS re:Inforce event.
Cloud Security Trends
The overall theme of AWS re:Inforce was centered around integrating best practices for security and privacy. In his keynote address, AWS CISO Stephen Schmidt said,”[Security] has to be in from the very beginning. This is a best practice that we recommend to customers as we weave security into your development lifecycle and your operations.”
This comes as no surprise as organizations worldwide continue to report increased security incidents from cyberattacks to ransomware. One of our key takeaways from re:Inforce was that ransomware mitigation starts with validating your critical process before something bad happens. This makes sense – you don’t want to find out about a critical flaw in your plan during a real issue. AWS has several services that might be able to help:
- Amazon Inspector can detect vulnerabilities ahead of time
- Amazon GuardDuty can detect anomalous activity
- You can also use the vault feature of AWS Backup
- If your own admins can’t alter or delete data, neither can an attacker!
While an AWS account provides inherent access and security boundaries for your AWS resources, there’s always more that can be done. Here, a managed services provider, like Connectria, can help a great deal by ensuring you maintain resource independence and isolation, as well as set up additional AWS accounts, which is recommended as workloads grow in size and complexity.
New AWS Services Announced
Several new services were announced at AWS re:Inforce, among them were Amazon GuardDuty Malware Protection as well as an integration of GuardDuty with the AWS Security Hub.
GuardDuty, a threat detection service continuously monitors malicious activity, is a great tool for detecting unauthorized behavior. The new Malware Protection service leverages compute to take a snapshot of the associated Amazon Elastic Block Store (EBS) volume. If malware is detected, GuardDuty Malware Protection will automatically send malware findings to other AWS services, including AWS Security Hub, which centralizes alerts and views and automates security checks. The potential source of the suspicious activity is described so that it can be remediated.
Cloud Security Best Practices
The top five IAM recommended practices covered at re:Inforce include:
- Use federation with an IdP for human access
- Require workloads to use temporary credentials
- Require multi-factor authentication(MFA)
- Rotate access keys regularly
- Safeguard root user credentials
Connectria’s team of AWS experts helps ensure our customers’ environments follow architectural principles and best practices. Some of these include resource segregation, appropriately securing and restricting resources by following least privilege, and leveraging different tools within AWS for logging and configuration.
In his keynote, Schmidt went on to detail how, “the process of revoking access to used software should be done regularly and then access shouldn’t be persistent. Instead, you want to be utilizing time-bound access for your admin rights, and actually in many cases if you can do it beyond that even better. Each overly permissive access is an opportunity for an adversary. If you’re on vacation, your access should be as well. Don’t leave it available for a potential adversary to use against you.”
Regularly rotating access keys, included above in the top IAM recommendations, is one of the many best practices we support. Key rotation can actually be scheduled. At Connectria, we use our internal tool, TRiA, which notifies us whenever a key needs to be rotated, either every 60 or 90 days based on the different compliance types.
Continued AWS Support in Ukraine
In March, we reported on how AWS announced initiatives to bolster Ukraine’s cybersecurity defenses. AWS has been working with the Ukrainian government to help improve its cybersecurity posture. This year, AWS expanded the availability of its GuardDuty to more regions. The service helps customers detect and respond to threats in near-real-time. For Ukraine, the availability of GuardDuty means companies can detect and address the continued rise of malware and DDoS attacks.
AWS is also providing Snowball devices for secure edge computing and storage. “We’ve migrated data from 27 Ukrainian ministries, 18 Ukrainian universities, and the largest remote school that supports several hundred thousand children in remote learning because they’re displaced,” Schmidt said in his keynote.
Staying Safe and Secure in the Cloud
In today’s day and age, we know you do everything you can to feel safe and secure in the cloud. For organizations subject to regulatory requirements, our comprehensive security and compliance services ensure the highest standards of data protection and uninterrupted access to your data. From annual audit assistance to 24×7 continuous monitoring and threat prevention, our team is dedicated to protecting what is most important to you and your business.
Contact us today to be connected with one of our security experts who can answer your questions and address your cloud security concerns.