Recap: Cloud Governance and Security at AWS re:Invent 2020
Last year, the annual AWS re:Invent conference was a three-week-long virtual event that was free to attend. As we have seen in previous years, re:Invent is never short of news, compelling use cases from customers and partners, and updates to the AWS portfolio. 2020 was no exception, as AWS continues to drive a broad ecosystem of solutions and services applicable to a variety of use cases. Particularly impressive is the rate at which Amazon releases new technologies while supporting and maturing its existing solutions.
Below, we’ve recapped some of the main security and governance-focused announcements from last year’s re:Invent.
New Updates to AWS Well-Architected Framework
The AWS Well-Architected Framework, originally based on a whitepaper and first launched in 2017, aims to help companies build secure, high-performing, resilient and efficient solutions. It is based on five pillars: operational excellence, security, reliability, performance efficiency and cost optimization. At re:Invent 2020, Amazon announced a new Well-Architected SaaS Lens to help accelerate building Software-as-a-Service (SaaS) solutions.
The Well-Architected SaaS Lens intends to drive critical thinking for developing and operating SaaS workloads by adding tailored questions to the tool. These questions provide a list of best practices which, in turn, guide successful implementation. Thousands of software developers and AWS Partners collaborated to develop these questions in order to ensure their effectiveness in building and operating AWS-based SaaS architecture.
Security Products Gain New Abilities
Amazon also announced several updates to its security products. These updates help secure the cloud environment by raising awareness and ensuring policies are defined, measured and maintained at all times. We’ve outlined some of the notable updates to security products below.
AWS Security Hub Adds Open Source Tool Integrations with Kube-bench
Kube-bench from AquaSec is a popular open-source resource used to configure Kubernetes clusters. With this update, AWS Security Hub automatically receives findings from the open-source tool Kube-bench and determines whether your cluster is configured in accordance with Center for Internet Security (CIS) benchmarks, supporting both the CIS Kubernetes Benchmark and the CIS Amazon Elastic Kubernetes Service (Amazon EKS) Benchmark.
AWS CloudTrail Allows for Granular Control over Event Logging
AWS CloudTrail helps discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in the AWS account within a specified period of time. Now, CloudTrail allows granular control over event logging in order to monitor specific security incidents. This enables you to maintain observability while keeping overhead costs down.
AMIs Support Tags at Creation
With this update, it is possible to tag AMIs as they are created, rather than waiting until after creation. Tagging resources at the time of creation eliminates the need to run custom tagging scripts after creation and enables better fine-grained control of the AMIs.
Securing and Controlling Your AWS Cloud Environment
Security remains a universal focal point, and the announcements at re:Invent reinforce the importance of protecting resources in the cloud environment. In defining the five pillars, AWS stresses the gravity of ensuring security before architecting any workload by enforcing complete access control and proactively identifying security incidents.
To address this need, CloudSphere provides a cloud management platform that protects and enforces multi-cloud controls and policies across customer bases, accounts and clouds. With an agnostic single view into each segment of the shared responsibility model, CloudSphere’s granular level of monitoring is available out of the box, with customized alert thresholds as needed to meet AWS’ standards of security.