Dec 12 · 4 min read
AWS re:Invent 2019 re:Cap
By: Jennifer Ellard
The Cmd team landed in Vegas last week for one of the largest tech events of the year, AWS re:Invent 2019! This conference was packed with 65,000+ technology and security professionals looking to learn best practices for AWS and exchanging ideas with one another at sessions, parties, and the general flow of this massive event.
As a security company, we’ve definitely got a particular point of view when showing up at an event as large and diverse as this one. Here’s what’s for sure: security is a huge part of the AWS ecosystem… as it should be.
There is so much interest from developers in how to make apps that are safer and better protect customer information. It’s no wonder that AWS spun off a whole event just focusing on this in AWS re:Inforce – coming to Houston in June 2020!
DevOps and Security are finally coming together
AWS re:Invent had no shortage of security sessions this year. The volume and nature of information here is a testament to how seriously AWS takes security and how foundational security is to the cloud platform.
With sessions ranging from product overviews for AWS solutions like Amazon GuardDuty and AWS Security Hub, all the way to advanced topics like threat hunting in AWS and security & governance architecture, there was plenty to learn – whether you are just getting your feet wet or you’ve been a security practitioner for your entire career. Some of the sessions that were most interesting to us were:
- Provable access control: know who can access your AWS resources
- Monitoring anomalous application behavior
- Access control confidence: Grant the right access to the right things
- Access management in 4D
AWS has a lot of tooling you can take advantage of if you have the time, resources, and coordination to build security into your application from the ground up. It’s great to see how seriously AWS takes this aspect of DevOps.
The key is making security easy, fast, and DevOps-friendly
In many cases, designing security in from the ground up can be a bigger endeavor than an organization is able to take on. Not to mention – what do you do about applications that are already running, and haven’t been instrumented to take advantage of all this great new stuff?
Cmd’s Head of Product & Design, David Ismailov, paid close attention to this as he interacted with folks throughout the event. Here are some of David’s thoughts:
There is a lot of promise in AWS’s security offerings, but it can be a long road to see all that value. And so many security solutions create a lot of hassle when it comes to implementing and managing them.
What really struck me at the AWS was how many people are looking for frictionless security. Remember, the people at re:Invent are primarily DevOps engineers – all different types of them. They are trying out how to build code fast and efficiently that’s going to surprise and delight their users. They want to do it securely, but security isn’t their primary driver.
So people are asking: how can we make security easy and fast? How can it fit with the way we currently work in DevOps?
Product design and ease-of-use play critical roles in rolling out a security solution, having DevOps adopt security best-practices, and enforce security policies effectively in daily operation. Furthermore, really understanding the workflows in use within DevOps is critical – basically, how security tasks can smoothly integrate with and flow between all the various tools that developers and operators love and depend on. DevOps is all about reducing friction – that’s true when it comes to security too.
We’ve seen too many security solutions get forgotten or rejected by DevOps because they slow development down. This is one of the biggest challenges in the security industry, especially as cloud solutions like AWS get more widely adopted.
Excitement and enthusiasm over Linux Security at the Cmd Gaming Lounge
The Cmd Gaming Lounge (which was full of retro video games, candy, drinks, and good times!) created a great opportunity for people to understand that not all security solutions are a hassle to deal with. People came by to take a break from the hustle and bustle of the show. Some just wanted to play a video game or two. Others came in to challenge their friends or grab a cocktail.
But most came in to see what Cmd has to offer. With our ease of use, sleek design, and lightweight offerings, we were able to show off so much of what Cmd does really well for AWS users:
Easy way to track user activity throughout the AWS environment, whether they are using local accounts, shared accounts, or root accounts.
- Simple controls and guardrails to prevent mistakes and unauthorized commands, even by privileged users.
- A Linux-native way of implementing privileged access management for cloud environments
- Super-fast and clear searching and investigations when incidents happen
- Easy deployment in seconds across all major distros of Linux
At Cmd, we’ve designed a security solution that works with the DevOps workflow, instead of against it. And that’s making all the difference!
Download: Four Reasons Why Linux Attacks Will Grow in 2020
As Linux continues to rise in popularity, so does its vulnerability to attackers. Linux security and compliance requires Linux-designed solutions that will keep critical information on the servers secure all while allowing DevOps to function effectively.
Download this whitepaper to learn why Linux is being targeted and how Cmd will reduce the odds of your organization becoming a target for attackers.
Meanwhile, if you weren’t able to swing by our Gaming Lounge, it’s ok. We’d still love to show you how we can help you track and control user activity in AWS – or any production Linux environment for that matter.
Sign up for a demo of Cmd today.