AWS’s re:Invent kicks off this week with a mix of keynotes, bootcamps and technical sessions. As ever, there’s a huge catalog of sessions to chose from but you can’t attend them all! Here we pick out 3 security sessions that we think are essential viewing for everyone who cares about securing their workloads on the AWS Cloud (so everyone, then!).
A least privilege journey: AWS IAM policies and Access Analyzer (SEC324)
Protecting your identities and adopting a least privilege approach are Cloud Security 101. Therefore, starting our recommended security sessions with Identity and Access management (IAM) is no surprise. We love a little identity wrangling! As a bonus, it’s being presented by Brigid Johnson, one of the most engaging speakers you will come across! She loves a good example to bring it to life!
Do you know your user groups from your resource role? Are you looking to adopt a role based or attribute based approach, or a little of column A, a little of column B? Do you care about geographic or time based access? In this session, Brigid will provide tips and tricks on how to make sure you apply the right permissions to the right users. The session will also cover how to use tools such as IAM Access Analyser to validate your assigned conditions and continuous refine them.
AWS Security Reference Architecture: Visualize your security (SEC203)
AWS has a heap of security services that cover notification and enforcement. How you glue them together forms your key security controls for your AWS environment. Fortunately, AWS security services, like all AWS services, are designed for automation. Automation should be a key component of your security toolkit. Did you know that earlier this year, AWS released a Security Reference Architecture (SRA)? The SRA is a set of guidelines for deploying the full complement of AWS security services into a multi-account environment.
How do AWS security services work together and how do you deploy them? How can you use the SRA? In this session, the team will take you through the design decisions that were adopted in developed the SRA and how you can use it with your AWS based workloads.
This is essential viewing for everyone building on AWS.
Use AWS to improve your security posture against ransomware (SEC308)
In the last of our essential security sessions, we look at ransomware. We’ve all seen the stories and heard the news that seems to come almost weekly. Ransomware is not a Cloud problem. It’s a problem for all IT and Security professionals. How do you reduce the risk of becoming a victim to such an attack? If the worst should happen, how can you protect your organisation and recover quickly and effectively?
It starts with protection through approaches such as least privilege access. From there you can implement tools that provide early detection. Finally, you need to make sure you have enabled (and tested) a recovery capability. The native services and ability of the AWS Cloud can help you do all of these faster and cheaper that in a traditional environment.
In this session, learn how you can use the AWS Cloud to protect yourself against malware, including ransomware. The session provides insight into the tools and approaches that can reduce your risk of a ransomware incident.
Stay tuned for more from re:Invent
We will be following the event closely, even if we can’t be there in person this year. Stay tuned to our blogs and the usual channels for updates during the week that is re:Invent!