Security has always been, and always will be, number one on the list of priorities when migrating, managing and running operations within the cloud. Whether the focus is identity and access management, infrastructure protection, data protection, detection, or incident response, it’s always an important factor! So what is the best way to stay on top of AWS security recommendations when technology changes so fast and new threats are uncovered and developed at the same rapid pace? In this post I hope to provide you with a list of options to help you stay in the know when it comes to security.
AWS Security Blog
The AWS Security Blog is a great way to keep ahead of new challenges, changes and developments relating to AWS security. It is updated regularly with new posts covering news, best practices, service features and announcements, technical how-to’s, events and much more. It provides a vast library of content that you can sift through to keep on top of your security needs. You can comment on a post if you have any questions, and you can share a link to it via social media channels such as Facebook, LinkedIn and Twitter, or by email.
Some examples of the most recent posts include:
- AWS achieves its third ISMAP authorization in Japan
- Three ways to accelerate incident response in the cloud: insights from re:Inforce 2023
- Customer Compliance Guides now available on AWS Artifact
If you want to be notified every time a new security post has been published you can subscribe to the RSS feed using any feed reader.
You can also check out the Cloud Academy Blog for the latest on recent AWS content updates, exam and certification updates and more. For more on how to stay in the know on all things AWS, read our latest post, Top 5 Ways to Get Certified on AWS Releases.
AWS Security Bulletins
AWS Security Bulletins focus only on important security and privacy notifications. As a result, there are far fewer bulletins than AWS Security Blog posts. Any security bulletin posted should really be read and understood, as it could have a significant impact on the security of your AWS environment. You can filter the bulletins by the year they were published, and by whether the content is listed as ‘important’ or ‘informational’.
Some examples of the most recent bulletins include:
- Issue with AWS Directory Service EnableRoleAccess
- Reported GuardDuty Finding Issue
- Issue With IAM Supporting Multiple MFA Devices
As you can see, these bulletins focus more directly on security issues that could impact your environment.
The Security Bulletin also has an RSS feed that you can follow to stay up to date.
AWS Service Documentation
The rate of change to AWS services, features and toolsets can sometimes be difficult to stay on top of; last year alone there were over 2000 updates to their services. If you subscribe to the AWS Security Blog, then you might want to dive deeper into an announcement that has been made regarding a new security service. Looking at the Service Documentation will provide you with a high-level overview of the service in question. As expected, there is a section for all AWS services, but the area that you’ll likely be interested in can be found under the heading of Security, Identity & Compliance, which covers all security services offered by AWS.
Selecting one of these services will give you a single page high-level overview of the service selected, giving you enough information to understand what it does, the benefit it provides, and how it can fit into your architecture to enhance your security posture.
As an example of the kind of document you’ll see, the following extract has been taken from the AWS Key Management Service documentation.
Every year AWS hosts a conference specifically aimed at all things security: AWS re:Inforce! This year (2023) it was held in Anaheim, California and was a 2-day event. This is a fantastic opportunity to connect with industry leaders in this field and attend some great breakout sessions to enhance your knowledge in different areas. With sessions relevant for beginners and experts alike, you will find something for all levels. By visiting the Expo you’ll be able to interact with AWS experts and receive demonstrations on the latest services and technology.
It all starts with the Keynote session, which is highly recommended as you will normally be first to hear of new security services and technologies that AWS is launching and making generally available. To find out more about this year’s announcements that were made during the keynote, held by CJ Moses, Chief Information Security Officer (CISO) for AWS, read this post.
The great thing about these AWS conferences is that some of the sessions are recorded, which you can view at a later date via the AWS events YouTube Channel. This playlist is specifically related to AWS re:Inforce 2023, so feel free to go and take a look!
Other Industry News
Now of course you shouldn’t just rely on AWS blogs and bulletins to enhance your knowledge within the world of security. There are also numerous industry news feeds which cover security as a whole, and these should also be regularly visited and reviewed. A few of them include, and in no particular order:
As these sites cover a wide scope of security news, you’ll uncover information on topics such as vulnerabilities, data breaches, cyber attacks, threats, risk management, CISO strategies, events and conferences, podcasts, and more!
Common Vulnerabilities and Exposures List
The Common Vulnerabilities and Exposures List was set up as a program to help everyone identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. When these vulnerabilities are first discovered by partnered organizations across the globe, they are given a unique CVE record and published. This allows security professionals to use this extensive list as a source of information to help them mitigate and protect themselves against known threats, and the great thing is that it’s free to use and search!
Most people use one form or another of social media, and it’s a very easy way to keep in the loop on topics of interest. There are a lot of companies and individuals who are leaders in the field of AWS and security. Here are just 10 Twitter accounts to get you started! Start following and connect with these people and organizations to ensure their posts appear directly in your daily feed.
- @awscloud – The official account for Amazon Web Services
- @AWSSecurityInfo – The official Twitter profile for AWS Security. Infrastructure and services to elevate your security in the cloud
- @AWS_Security – This is the official Twitter account for the AWS Security Team. If you have a pressing security issue, please contact us.
- @AWSIdentity – The AWS Cloud allows customers to scale & innovate, while securely managing identities, resources & permissions. Follow us for the latest about AWS Identity.
- @ISC2 – An international nonprofit membership association focused on inspiring a safe and secure cyber world.
- @CVEnew – Official account maintained by the CVE Program to notify the community of new CVE IDs. cve.org
- @Werner – CTO @ Amazon
- @jeffbarr – Chief Evangelist @Amazon Web Services: follow me for AWS updates & chatter
- @mosescj58 – AWS CISO
- @TeriRadichel – CEO @2ndSightLab | Cybersecurity Author Instructor Pentester | GSE 240 | IANS Faculty