Security, Identity, & Compliance Archives - Page 10 of 179

Posted on May 28, 2024May 29, 2024 by admin

Navigating the threat detection and incident response track at re:Inforce 2024

A full conference pass is $1,099. <a href=”https://register.reinforce.awsevents.com/?trk=direct” target=”_blank” rel=”noopener”>Register today</a> with the code flashsale150 to receive a limited time $150 discount, while supplies last. We’re counting down to <a href=”https://reinforce.awsevents.com/” target=”_blank” rel=”noopener”>AWS re:Inforce</a>, our annual cloud security event! We are thrilled to invite security enthusiasts and builders to join us in Philadelphia, PA, from […]

Posted on May 22, 2024May 23, 2024 by admin

Spring 2024 SOC reports now available with 177 services in scope

We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that the Spring 2024 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover the 12-month period from April 1, 2023 to March 31, 2024, so that customers have […]

Posted on May 22, 2024May 22, 2024 by admin

How to implement single-user secret rotation using Amazon RDS admin credentials

You might have security or compliance standards that prevent a database user from changing their own credentials and from having multiple users with identical permissions. AWS Secrets Manager offers two rotation strategies for secrets that contain Amazon Relational Database Service (Amazon RDS) credentials: single-user and alternating-user. In the preceding scenario, neither single-user rotation nor alternating-user rotation would […]

Posted on May 21, 2024May 21, 2024 by admin

2024 ISO and CSA STAR certificates now available with two additional AWS Regions and three additional services

Amazon Web Services (AWS) successfully completed a special onboarding audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, and 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. Ernst and Young CertifyPoint auditors conducted the audit and reissued the certificates on May 16, 2024. The objective of the audit […]

Posted on May 20, 2024May 21, 2024 by admin

Integrating AWS Verified Access with Jamf as a device trust provider

In this post, we discuss how to architect Zero Trust based remote connectivity to your applications hosted within Amazon Web Services (AWS). Specifically, we show you how to integrate AWS Verified Access with Jamf as a device trust provider. This post is an extension of our previous post explaining how to integrate AWS Verified Access […]

Posted on May 17, 2024May 17, 2024 by admin

A sneak peek at the data protection sessions for re:Inforce 2024

Join us in Philadelphia, Pennsylvania on June 10–12, 2024 for <a href=”https://reinforce.awsevents.com” target=”_blank” rel=”noopener”>AWS re:Inforce</a>, a security learning conference where you can gain skills and confidence in cloud security, compliance, identity, and privacy. As an attendee, you have access to hundreds of technical and non-technical sessions, an Expo featuring <a href=”https://aws.amazon.com/” target=”_blank” rel=”noopener”>Amazon Web Services […]

Posted on May 16, 2024May 17, 2024 by admin

How to set up SAML federation in Amazon Cognito using IdP-initiated single sign-on, request signing, and encrypted assertions

When an identity provider (IdP) serves multiple service providers (SPs), IdP-initiated single sign-on provides a consistent sign-in experience that allows users to start the authentication process from one centralized portal or dashboard. It helps administrators have more control over the authentication process and simplifies the management. However, when you support IdP-initiated authentication, the SP (<a […]

Posted on May 15, 2024May 16, 2024 by admin

AWS plans to invest €7.8B into the AWS European Sovereign Cloud, set to launch by the end of 2025

English | German <a href=”https://aws.amazon.com/” target=”_blank” rel=”noopener”>Amazon Web Services (AWS)</a> continues to believe it’s essential that our customers have control over their data and choices for how they secure and manage that data in the cloud. AWS gives customers the flexibility to choose how and where they want to run their workloads, including a […]

Posted on May 15, 2024May 15, 2024 by admin

Investigating lateral movements with Amazon Detective investigation and Security Lake integration

According to the MITRE ATT&CK framework, lateral movement consists of techniques that threat actors use to enter and control remote systems on a network. In Amazon Web Services (AWS) environments, threat actors equipped with illegitimately obtained credentials could potentially use APIs to interact with infrastructures and services directly, and they might even be able to use […]

Posted on May 14, 2024May 15, 2024 by admin

Governing and securing AWS PrivateLink service access at scale in multi-account environments

Amazon Web Services (AWS) customers have been adopting the approach of using AWS PrivateLink to have secure communication to AWS services, their own internal services, and third-party services in the AWS Cloud. As these environments scale, the number of PrivateLink connections outbound to external services and inbound to internal services increase and are spread out […]

Category: Security, Identity, & Compliance