Showing only posts tagged Security, Identity, & Compliance. Show all posts.

Encryption in transit over external networks: AWS guidance for NYDFS and beyond

Source

On November 1, 2023, the New York State Department of Financial Services (NYDFS) issued its Second Amendment (the Amendment) to its Cybersecurity Requirements for Financial Services Companies adopted in 2017, published within Section 500 of 23 NYCRR 500 (the Cybersecurity Requirements; the Cybersecurity Requirements as amended by the Amendment …

Making sense of secrets management on Amazon EKS for regulated institutions

Source

Amazon Web Services (AWS) customers operating in a regulated industry, such as the financial services industry (FSI) or healthcare, are required to meet their regulatory and compliance obligations, such as the Payment Card Industry Data Security Standard (PCI DSS) or Health Insurance Portability and Accountability Act (HIPPA). AWS offers …

Announcing AWS KMS Elliptic Curve Diffie-Hellman (ECDH) support

Source

When using cryptography to protect data, protocol designers often prefer symmetric keys and algorithms for their speed and efficiency. However, when data is exchanged across an untrusted network such as the internet, it becomes difficult to ensure that only the exchanging parties can know the same key. Asymmetric key …

Using Amazon GuardDuty Malware Protection to scan uploads to Amazon S3

Source

Amazon Simple Storage Service (Amazon S3) is a widely used object storage service known for its scalability, availability, durability, security, and performance. When sharing data between organizations, customers need to treat incoming data as untrusted and assess it for malicious files before ingesting it into their downstream processes. This …

How to centrally manage secrets with AWS Secrets Manager

Source

In today’s digital landscape, managing secrets, such as passwords, API keys, tokens, and other credentials, has become a critical task for organizations. For some Amazon Web Services (AWS) customers, centralized management of secrets can be a robust and efficient solution to address this challenge. In this post, we …

Cloud infrastructure entitlement management in AWS

Source

Customers use Amazon Web Services (AWS) to securely build, deploy, and scale their applications. As your organization grows, you want to streamline permissions management towards least privilege for your identities and resources. At AWS, we see two customer personas working towards least privilege permissions: security teams and developers. Security …

Network perimeter security protections for generative AI

Source

Generative AI–based applications have grown in popularity in the last couple of years. Applications built with large language models (LLMs) have the potential to increase the value companies bring to their customers. In this blog post, we dive deep into network perimeter protection for generative AI applications. We …

Spring 2024 SOC 2 report now available in Japanese, Korean, and Spanish

Source

Japanese | Korean | Spanish At Amazon Web Services (AWS), we continue to listen to our customers, regulators, and stakeholders to understand their needs regarding audit, assurance, certification, and attestation programs. We are pleased to announce that the AWS System and Organization Controls (SOC) 2 report is now available in Japanese …

Hardening the RAG chatbot architecture powered by Amazon Bedrock: Blueprint for secure design and anti-pattern mitigation

Source

This blog post demonstrates how to use Amazon Bedrock with a detailed security plan to deploy a safe and responsible chatbot application. In this post, we identify common security risks and anti-patterns that can arise when exposing a large language model (LLM) in an application. Amazon Bedrock is built …

SaaS authentication: Identity management with Amazon Cognito user pools

Source

Amazon Cognito is a customer identity and access management (CIAM) service that can scale to millions of users. Although the Cognito documentation details which multi-tenancy models are available, determining when to use each model can sometimes be challenging. In this blog post, we’ll provide guidance on when to …

How AWS tracks the cloud’s biggest security threats and helps shut them down

Source

Threat intelligence that can fend off security threats before they happen requires not just smarts, but the speed and worldwide scale that only AWS can offer. Organizations around the world trust Amazon Web Services (AWS) with their most sensitive data. One of the ways we help secure data on …

OSPAR 2024 report now available with 163 services in scope

Source

Amazon Web Services (AWS) is pleased to announce the completion of our annual Outsourced Service Provider’s Audit Report (OSPAR) audit cycle on July 1, 2024. The 2024 OSPAR certification cycle includes the addition of 10 new services in scope, bringing the total number of services in scope to …

Federated access to Amazon Athena using AWS IAM Identity Center

Source

Managing Amazon Athena through identity federation allows you to manage authentication and authorization procedures centrally. Athena is a serverless, interactive analytics service that provides a simplified and flexible way to analyze petabytes of data. In this blog post, we show you how you can use the Athena JDBC driver …

AWS completes the first GDV joint audit with participant insurers in Germany

Source

We’re excited to announce that Amazon Web Services (AWS) has completed its first German Insurance Association (GDV) joint audit with GDV participant members, which provides assurance to customers in the German insurance industry for the security of their workloads on AWS. This is an important addition to the …

How to deploy an Amazon OpenSearch cluster to ingest logs from Amazon Security Lake

Source

Many customers use Amazon Security Lake to automatically centralize security data from Amazon Web Services (AWS) environments, software as a service (SaaS) providers, on-premises workloads, and cloud sources into a purpose-built data lake in their AWS accounts. With Security Lake, customers can choose between native AWS security analytics tools …

AWS revalidates its AAA Pinakes rating for Spanish financial entities

Source

Amazon Web Services (AWS) is pleased to announce that we have revalidated our AAA rating for the Pinakes qualification system. The scope of this requalification covers 171 services in 31 global AWS Regions. Pinakes is a security rating framework developed by the Spanish banking association Centro de Cooperación Interbancaria …

Accelerate incident response with Amazon Security Lake – Part 2

Source

This blog post is the second of a two-part series where we show you how to respond to a specific incident by using Amazon Security Lake as the primary data source to accelerate incident response workflow. The workflow is described in the Unintended Data Access in Amazon S3 incident …

How to build a CA hierarchy across multiple AWS accounts and Regions for global organization

Source

Building a certificate authority (CA) hierarchy using AWS Private Certificate Authority has been made simple in Amazon Web Services (AWS); however, the CA tree will often reside in one AWS Region in one account. Many AWS customers run their businesses in multiple Regions using multiple AWS accounts and have …

How to use the AWS Secrets Manager Agent

Source

AWS Secrets Manager is a service that helps you manage, retrieve, and rotate database credentials, application credentials, API keys, and other secrets throughout their lifecycles. You can use Secrets Manager to replace hard-coded credentials in application source code with a runtime call to the Secrets Manager service to retrieve …

Patterns for consuming custom log sources in Amazon Security Lake

Source

As security best practices have evolved over the years, so has the range of security telemetry options. Customers face the challenge of navigating through security-relevant telemetry and log data produced by multiple tools, technologies, and vendors while trying to monitor, detect, respond to, and mitigate new and existing security …

AWS renews TISAX certification (Information with Very High Protection Needs (AL3)) across 19 regions

Source

We’re excited to announce the successful completion of the Trusted Information Security Assessment Exchange (TISAX) assessment on June 11, 2024 for 19 AWS Regions. These Regions renewed the Information with Very High Protection Needs (AL3) label for the control domains Information Handling and Data Protection. This alignment with …

AWS achieves third-party attestation of conformance with the Secure Software Development Framework (SSDF)

Source

Amazon Web Services (AWS) is pleased to announce the successful attestation of our conformance with the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF), Special Publication 800-218. This achievement underscores our ongoing commitment to the security and integrity of our software supply chain. Executive Order …

Strategies for achieving least privilege at scale – Part 2

Source

In this post, we continue with our recommendations for achieving least privilege at scale with AWS Identity and Access Management (IAM). In Part 1 of this two-part series, we described the first five of nine strategies for implementing least privilege in IAM at scale. We also looked at a …

Strategies for achieving least privilege at scale – Part 1

Source

Least privilege is an important security topic for Amazon Web Services (AWS) customers. In previous blog posts, we’ve provided tactical advice on how to write least privilege policies, which we would encourage you to review. You might feel comfortable writing a few least privilege policies for yourself, but …

Top four ways to improve your Security Hub security score

Source

AWS Security Hub is a cloud security posture management (CSPM) service that performs security best practice checks across your Amazon Web Services (AWS) accounts and AWS Regions, aggregates alerts, and enables automated remediation. Security Hub is designed to simplify and streamline the management of security-related data from various AWS …

« newer articles | page 3 | older articles »