George WilkesJuly 10, 2019
AWS re:Inforce Security Conference Recap
Amazon Web Services (AWS) is the most adopted cloud platform in the world and caters to millions of customers including start-ups, government agencies, and multinational companies. Cyxtera recently attended AWS re:Inforce, a conference created to bring security leaders together to discuss the most pressing issues facing the industry today.
Amazon Web Services (AWS) announced their inaugural re:Inforce security conference last December, at AWS re:Invent. Security has grown into such an important topic for AWS and its customers that a designated space and venue for deep-dives, innovation, and technical discussions was clearly needed.
AWS re:Inforce was the product of that need. This past week, more than 12,000 security professionals from enterprises and vendors headed to Boston for the first ever AWS security conference. During Tuesday’s keynote, AWS CISO Steve Schmidt talked about how most of their clients must track and report on their security posture at a board level – which is no surprise, but provides a solid validation that security is on the top of every organizations’ list of priorities.
The most impactful ideas mentioned in the Keynote include:
- Schmidt stated that he believes we are at a point where security should no longer be a scary topic as there are many effective tools that can help organizations minimize risk.
- Schmidt asserted that he doesn’t believe that the concept of DevSecOps is as revolutionary as many in the industry believe. Security must be built into any organization’s operations; if it is not, operations will fail and put companies at great levels of risk.
- Capital One CISO Michael Johnson joined Schmidt and discussed how complexity in security remains an issue. They made it their goal to engage with vendors that can easily integrate with other technologies and offer more than one solution to help organizations simplify their security strategy.
- The concept of least-privilege has taken off and organizations are starting to realize the benefits of limiting trust in users.
Throughout the show, we paid specific attention to the last point related to Zero Trust. Several organizations, including some of our customers, spoke openly about their Zero Trust vision, how they got started, and the benefits:
- Luke Starr, Senior Security Analyst at Harvard Business Publishing, expressed that one of the most powerful benefits of adopting a Software-Defined Perimeter model was the unmatched network visibility.
- Benjamin Mullen, Information Security Manager at Bain Capital, discussed the power of being able to leverage previous investments through the data that results from implementing Zero Trust.
- In the case of FINRA, we had the honor of co-presenting a session with Steve Mele, Development Lead, and Daniel Koo, Senior Director of DevOps Products. They explained how they secured and automated network access by integrating AWS best-in-class native security services like IAM, security groups, and tags to secure their environment with Appgate. This allowed FINRA to meet certain requirements that they otherwise could not meet. To view FINRA’s presentation, please click here.
Our team, customers, and the professionals we met at AWS re:Inforce seemed to have really enjoyed the content, which means that we will all be back — but next time in Houston for re:Inforce 2020.