Like Paris Hilton in 2003, Amazon Web Services (AWS) wants cybersecurity professionals to embrace the simple life.
AWS CISO Amy Herzog took the stage on day two of the company’s annual re:Inforce conference this week in Philadelphia to share some of the cloud giant’s latest security innovations, each aiming to simplify capabilities in existing tools. Herzog took on the role of CISO of the cloud giant earlier this month, replacing Chris Betz. She was previously CISO for Amazon’s AGI, ads, devices, and global media and entertainment units.
New identity. Herzog kicked off Tuesday’s keynote by announcing updates to AWS Identity and Access Management (IAM), the cloud giant’s web service that allows organizations to manage who has access to AWS resources. She said IAM, launched in 2011, was designed to “address the complex needs of modern cloud authentication and authorization at a massive scale,” and handles 1.2 billion API calls per second worldwide.
“That means that 1.2 billion times per second, IAM is asked to determine if an API call should be permitted or denied,” she said.
Herzog announced that starting Tuesday, internal access findings will be made generally available as a new IAM Access Analyzer capability. The automated reasoning-powered tool analyzes policy types—including service control policies and resource control policies—to identify which roles or users have access to S3 buckets, Amazon DynamoDB tables, or Amazon Relational Database Service snapshots.
Networking. Herzog also discussed new network protection capabilities. AWS customers will now be able to preview AWS Shield’s network security director. AWS Shield is a managed distributed denial of service protection service.
The new capability will allow AWS customers to easily pinpoint network security configuration issues by displaying identified risks and their severity level and providing specific remediation recommendations for them.
“It’s kind of like having a team of AWS security experts monitoring your network architecture and giving you the bottom line,” Herzog said.
Herzog also announced a new “simplified console experience” for AWS Web Application Firewall, which she said reduces the steps needed to configure initial application security by 80%. Rob Kennedy, AWS VP of network services, told IT Brew that the update simplifies the WAF security setup process for customers.
“Before there was a I would call it a complex process to go through, which was time-consuming…Today you can go in, you basically select the type of application that you want to protect, and straight away, [it] will give you a recommendation of what you should set up,” he said.
Subtle flex. During her keynote, Herzog touted some of AWS’s security feats occurring behind the scenes. She mentioned that AWS IAM now has a 100% multi-factor authentication enforcement rate for root users across all AWS account types.
The freshly appointed CISO also highlighted the hard work of the cloud giant’s active defense tools.
“In the four months between December 9, 2024 to April 30 of this year, AWS prevented 943.6 million attempts to perform unauthorized encryption of customer S3 objects,” she said.