Never incorporate personal information:
- date of birth,
- social insurance number
- first name of your children,
and your passwords and usernames.
The first AWS Conference dedicated to cloud security The first Amazon Web Services (AWS) security event, AWS re:Inforce, was held in Boston on June 25–26, 2019. Fortica, a cloud security specialist in Quebec and partner of Hitachi Systems Security, was among the 5,000 cloud security experts who attended this major conference. These two days were an opportunity to discuss the challenges of cloud security far beyond contexts specific to AWS. Here is a three-point summary that will make you feel as if you were there: The possibilities for complying and aligning with the most demanding security practices in the AWS Public Cloud were broadly highlighted. A number of major players in the financial industry in North America, including CapitalOne, presented their approach. Standardizing security policies by putting in place guardrails was a major topic discussed during the sessions and sponsor demonstrations. It is a matter of defining secure boundaries—based on the context—within which development teams can be autonomous. Ideally, security policies can be reused through labels (for example, a developer will be able to change the roles of their hosted application in an environment labelled “Test” but not in one labelled “Production”). Visibility in the cloud and assessing the security posture of the cloud were other major discussion topics. They were also widely represented among the sponsors gathered at the Security Hub. Multicloud information systems, the autonomy of DevOps teams, and the ease of deploying resources in the cloud make configuration issues and vulnerabilities that expose data inevitable. This first AWS cloud security event delivered on all its promises by highlighting emerging security practices and innovative solutions. The AWS re:Inforce conference has become a can’t-miss event for all cloud security experts. The next conference has already been announced. It will take place in Houston in 2020. In the meantime, Fortica will be staying up to date on innovations and trends in cloud security and adapting its practices to benefit its customers. If you have questions about your cloud’s security, whether for an audit or support in deployment, Fortica has the expertise and services to meet your needs. The Fortica team
AWS offers a secure default configuration with a large number of security services to respond to many different needs and scenarios.
AWS CISO Steve Schmidt announced the launch of Control Tower, a service that enables applying uniform cloud security and compliance policies across multiple accounts within a single organization.
There are solutions to detect anomalies as soon as possible, even before resources forecasting, by analyzing CloudFormation templates, which allows triggering alerts or automatically correcting configuration deviations. AWS natively offers equivalent solutions that are effective in meeting basic needs limited to AWS. In a more complex, demanding, or multicloud environment, a CSPM (Cloud Security Posture Management) solution is crucial.