AWS re:Invent 2020

I have been attending the Amazon re:Invent virtual event for 2020 https://virtual.awsevents.com. The content briefings are Tuesday through Thursday through December 17th and they are replaying previous talks over extended hours and days. There have been numerous announcements, here are some of the highlights in security I found interesting.

In Security management, there was further guidance on integrating security roles into an AWS organization. They also described more SecDevOps tasks required to support monitoring and logging of applications using ControlTower within an organization. The main organizational thread has steered towards requirements for DevOps. There have been threads discussing operations, security management, and financial requirements. The offering is becoming clearer about how to address the composite requirement. AWS continues to make progress in automating compliance checking with GuardDuty. Automating security compliance checking and conformance management with the AWS tools is a good way to improve the security posture and reduce staffing costs.

AWS states that one of their value propositions is to allow customers to focus on using tools instead of maintaining tools. Along that line, an AWS firewall was introduced providing more filtering and monitoring capability than existing security groups and the layer 7 WAF capabilities. For network services using non-web protocols, there is now an AWS managed solution. Firewalls were always available in the Marketplace, but this provides a managed infrastructure service.