AWS's vision of stronger, more resilient cloud security rests on combining generative AI, human insight and improved usability in every product release, all from a zero-trust stance.
Steve Schmidt, Amazon's Chief Security Officer, made this point clear during his keynote today at re:Invent 2023, the cloud leader's annual conference.
Titled "Move fast, stay safe: Strategies for the future of security," Schmidt's talk emphasized that cloud security must be positioned as a business enabler if it is to succeed.
Schmidt also introduced a number of AWS cloud security updates, including new capabilities for Amazon Detective and Amazon GuardDuty.
Playing detective and standing guard
Amazon Detective gains capabilities aimed at speeding up the investigation of cloud security incidents: investigations of AWS Identity and Access Management (IAM) entities, finding-group summaries generated with generative AI, the ability to start an investigation from GuardDuty ECS Runtime Monitoring findings, and integration with Amazon Security Lake.
Amazon GuardDuty's ECS Runtime Monitoring is designed to detect runtime threats on Amazon Elastic Container Service (ECS) clusters running on AWS Fargate and Amazon Elastic Compute Cloud (Amazon EC2).
Other services mentioned during the keynote include Amazon CodeWhisperer, which now lets AWS customers connect it to internal code repositories and build customizations, as well as Amazon Bedrock and AWS IAM Access Analyzer. The AWS Security attendee guide for re:Invent 2023 lists all of the security breakout sessions, chalk talks, workshops and builder sessions.
Virtual Private Clouds (VPC) for security
AWS emphasized that securing customers' virtual private clouds (VPCs) continues to be the catalyst it relies on to keep improving customers' network security. Schmidt pointed to the VPC Reachability Analyzer and Network Access Analyzer releases. These two services, he said, can prove whether VPC or network resources are reachable from the Internet. The chart below shows how AWS positions these tools in the context of VPCs.
HIGHLIGHT: Securing AWS customers' virtual private clouds (VPCs) is a driving force for innovation, as reflected in the latest updates covered in Schmidt's keynote. Source: Innovation Talk, "Move fast, stay safe: Strategies for the future of security"
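To make concrete what such a reachability proof checks, here is an added example that is not AWS code and was not shown in the keynote: a toy model of a single instance's path from the Internet that evaluates the public IP, the subnet's default route and the security group rules over constructed sample resources (the gateway and NAT IDs, the CIDRs and the RFC 5737 source address are all made up). The real analyzers also account for network ACLs, NAT gateways, peering and more; this only illustrates the shape of the question they answer and why every blocking hop is reported.

```python
"""Toy reachability check for an EC2 instance (constructed example, not AWS code)."""
from dataclasses import dataclass, field
import ipaddress


@dataclass
class IngressRule:
    protocol: str    # "tcp", "udp" or "-1" for all protocols
    from_port: int
    to_port: int
    cidr: str        # permitted source range


@dataclass
class Instance:
    name: str
    routes: dict     # destination CIDR -> route target (constructed IDs)
    public_ip: bool
    ingress: list = field(default_factory=list)


def route_to_internet(routes):
    """The subnet's default route must point at an internet gateway (igw-)."""
    target = routes.get("0.0.0.0/0")
    return target is not None and target.startswith("igw-")


def rule_admits(rule, proto, port, src):
    """Does one security group rule admit `proto`/`port` from `src`?"""
    if rule.protocol not in ("-1", proto):
        return False
    if rule.protocol != "-1" and not (rule.from_port <= port <= rule.to_port):
        return False
    return ipaddress.ip_address(src) in ipaddress.ip_network(rule.cidr)


def internet_reachable(inst, proto="tcp", port=22, src="203.0.113.10"):
    """Return (reachable, reasons).

    Every hop must permit the traffic; each failing hop is reported, which is
    what makes such an analysis a proof rather than a guess.
    """
    reasons = []
    if not inst.public_ip:
        reasons.append("no public IP")
    if not route_to_internet(inst.routes):
        reasons.append("subnet has no default route to an internet gateway")
    if not any(rule_admits(r, proto, port, src) for r in inst.ingress):
        reasons.append(f"no security group rule admits {proto}/{port} from {src}")
    return (not reasons, reasons)


# Constructed sample resources; IDs and CIDRs are made up for illustration.
PUBLIC_ROUTES = {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-0123456789abcdef0"}
PRIVATE_ROUTES = {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-0123456789abcdef0"}

SAMPLE = {
    "bastion": Instance("bastion", PUBLIC_ROUTES, True,
                        [IngressRule("tcp", 22, 22, "0.0.0.0/0")]),
    "web": Instance("web", PUBLIC_ROUTES, True,
                    [IngressRule("tcp", 443, 443, "0.0.0.0/0")]),
    "db": Instance("db", PRIVATE_ROUTES, False,
                   [IngressRule("tcp", 5432, 5432, "10.0.0.0/16")]),
}

if __name__ == "__main__":
    for name, inst in SAMPLE.items():
        for port in (22, 443, 5432):
            ok, why = internet_reachable(inst, port=port)
            verdict = "REACHABLE" if ok else "blocked: " + "; ".join(why)
            print(f"{name:8} tcp/{port:<5} {verdict}")
```

The "db" instance fails on all three hops at once, while "web" on port 22 fails only at the security group; that per-hop explanation is the part worth reproducing when you build your own checks, because a single boolean hides which control is actually doing the work.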
Balancing generative AI with human expertise
Schmidt explained that AWS's cloud security vision is to leverage rapid advances in generative AI and machine learning (ML) models to augment human insight and contextual intelligence. AWS sees generative AI and related technologies as symbiotic with human expertise, giving security teams insights that existing tools cannot surface.
"Generative AI is yet another tool our teams are using to help our customers be more efficient at work while raising the security bar," Schmidt said.
“Artificial intelligence delivers the best results when it makes expert knowledge available in a context where you can act on that knowledge. At Amazon, we’ve seen this reward pattern time and time again when it comes to security. AI makes security knowledge and deep subject matter expertise widely available,” Schmidt continued.
AWS’s commitment to customers is that it will continue to leverage rapid advances in AI and ML, combined with human expertise to detect threats more accurately.
Schmidt also explained how AWS uses internal large language models (LLMs) to speed up its application security review process. The LLMs supply supporting evidence and data to engineers, who then apply human insight to validate and refine the findings.
All-in on zero trust
Schmidt said he often discusses authentication and authorization with CISOs at AWS customers. These conversations tend to turn to zero trust, the security model that treats every user, device and third party interacting with a system as a potential threat until verified. Schmidt says it is time to get on the same page about what zero trust means.
“What I’m hearing from other CISOs is that they need to make authentication and authorization decisions with greater sensitivity, flexibility and frequency. The days of relying on oversimplified models where everything outside is bad and everything inside is good are long gone. These simplistic approaches slow business innovation and leave too many gaps in our security posture,” he observed.
Schmidt was referring to security platforms and systems that treat any identity, device or endpoint as trusted simply because it sits inside the firewall. At its core, zero trust is about granting least-privilege access and verifying and monitoring every interaction on a network.
Schmidt explained that AWS is all-in on zero trust, noting that "zero trust is built on the foundation of authentication and authorization. So for our discussion of zero trust, let's work with just one simple goal. Let's talk about how to do authentication more accurately and at scale."
"At AWS, we see zero trust as a model where security controls are applied to your assets. The controls are not based solely on traditional network perimeters. The model uses identity, device attributes and other signals to help you do continuous, adaptive and differentiated access control," observed Schmidt.
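As an added illustration of the distinction Schmidt draws (this is example code, not AWS's implementation or anything from the keynote), the following contrasts a perimeter decision, which trusts any request arriving from a corporate address range, with a decision that evaluates identity, role, device posture and authentication freshness on every request and ignores source network entirely. The address range, roles, actions, thresholds and sample requests are constructed for the example.

```python
"""Perimeter trust versus signal-based (zero trust) access decisions.

Constructed example; policy values are illustrative, not AWS's."""
from dataclasses import dataclass
import ipaddress

CORP_NET = ipaddress.ip_network("10.0.0.0/8")  # constructed "inside" range


@dataclass(frozen=True)
class Request:
    principal: str
    role: str
    action: str
    src_ip: str
    mfa: bool
    device_managed: bool
    device_patched: bool
    auth_age_min: int   # minutes since the principal last authenticated


def perimeter_decision(req):
    """Legacy model: everything inside the network is good, everything
    outside is bad. Identity and device state are never consulted."""
    return ipaddress.ip_address(req.src_ip) in CORP_NET


# Least-privilege mapping of roles to the actions they may take (constructed).
ROLE_ACTIONS = {
    "dba": {"db:read", "db:admin"},
    "developer": {"db:read"},
}

# Sensitive actions demand a fresher authentication (constructed thresholds).
MAX_AUTH_AGE_MIN = {"db:read": 480, "db:admin": 15}


def zero_trust_decision(req):
    """Return (allowed, reason). Each request is judged on its own signals;
    source network is deliberately absent from the checks, so a compromised
    host on the corporate LAN earns nothing from its location."""
    if req.action not in ROLE_ACTIONS.get(req.role, set()):
        return False, "action not permitted for role"
    if not req.mfa:
        return False, "MFA required"
    if not (req.device_managed and req.device_patched):
        return False, "device posture check failed"
    if req.auth_age_min > MAX_AUTH_AGE_MIN[req.action]:
        return False, "re-authentication required for this action"
    return True, "allowed"


# Constructed requests: an insider-network request with weak signals, a
# well-attested request from outside the perimeter, and the same remote
# principal with a stale session attempting a sensitive action.
INSIDER_WEAK = Request("alice", "developer", "db:admin", "10.1.2.3",
                       mfa=False, device_managed=True, device_patched=False,
                       auth_age_min=600)
REMOTE_STRONG = Request("bob", "dba", "db:admin", "198.51.100.7",
                        mfa=True, device_managed=True, device_patched=True,
                        auth_age_min=5)
REMOTE_STALE = Request("bob", "dba", "db:admin", "198.51.100.7",
                       mfa=True, device_managed=True, device_patched=True,
                       auth_age_min=120)

if __name__ == "__main__":
    for req in (INSIDER_WEAK, REMOTE_STRONG, REMOTE_STALE):
        print(f"{req.principal}@{req.src_ip} {req.action}: "
              f"perimeter={'allow' if perimeter_decision(req) else 'deny'} "
              f"zero_trust={zero_trust_decision(req)}")
```

The two models disagree on every sample request: the perimeter rule admits the unauthenticated insider attempting an action outside her role and rejects the fully attested remote DBA, while the signal-based policy does the reverse and also forces the remote DBA to re-authenticate once his session is older than the threshold for the sensitive action. In practice the denial reason should be logged with the request so that detection teams can see which signal tripped.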
VentureBeat's mission is to be a digital town square for technical decision makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.