Want to start business innovation on the cloud? Then you have to do cloud security compliance first

Most people in the IT industry are familiar with Amazon Cloud Technology's annual re:Invent global conference. Since 2019, however, another conference with a very similar name, the re:Inforce Global Cloud Security Conference, has also gained fame in the global security field.

Recently, the Amazon Cloud Technology 2022 re:Inforce Global Cloud Security Conference ended in Boston, USA. As a top event in the global security field, the conference shared the latest insights, successful experience and best practices of Amazon Cloud Technology in cloud security and compliance with global customers through keynote speeches, technology sharing and hands-on practice, and released a number of new security services and functions to help customers build a cloud security environment and meet compliance requirements more effectively.

"Why do we hold re:Inforce in addition to re:Invent? This is because security is so important to enterprises, so we separate out security as a theme and hold an event every year," Chen Xiaojian, General Manager of Product Department of Amazon Cloud Technology Greater China, told Ququ Technology.

The Security Concept of Amazon Cloud Technology

Since security is so important, what kind of security concept does Amazon Cloud Technology itself have?

"Instead of fighting fires, it is better to prevent problems before they happen. After discovering security problems and solving them in the first place, Amazon Cloud Technology will also support various security incidents of millions of customers around the world through our massive operations, and reuse the practice obtained with one customer for other customers, so as to achieve economies of scale." When talking about the security concept of Amazon Cloud Technology, Chen Xiaojian summarized its key points into the following aspects:

1. The highest priority of security is to solve basic problems: In the field of security, Amazon Cloud Technology has rich practices around the world, and has built these practices into its own cloud services.

2. Scale effect: Amazon Cloud Technology processes a large number of API requests and log records around the world every day. Through monitoring, it can quickly resolve an abnormal situation that occurs for a single customer and protect other users from the same threats or attacks.

3. Integrate security into the development life cycle and operation of products or services: set up a security guardian group, place security personnel in the product teams according to a certain proportion and make them responsible for all security of products and services, and set up an independent application security review process that applies to the updates and releases of all products and services.

4. Separate people and data: The two most important factors in security are people and data, and the intersection of these two dimensions forms a more rigorous security solution.

5. Onion-shaped multi-layer protection: Security in the cloud should be an onion-shaped multi-layer protection, not an egg. Security on the cloud therefore requires a progressive protection mechanism, layer by layer, with complementary mechanisms between the layers. We cannot rely too much on a single point of control, a single service or a single product; otherwise a failure at that single point will lead to a security incident. For example, a firewall can block external attacks, but cannot stop malicious internal attacks. That requires access control, host security, and data encryption working together. This is a typical multi-layer protection.

6. Stronger Together: Fundamentally speaking, these capabilities come from customers' needs for security, which drive the continuous progress and improvement of Amazon Cloud Technology. Amazon Cloud Technology then summarizes these discoveries, experiences, and practices and shares them with more customers, becoming stronger by making progress hand in hand with customers.

A Security Culture Worth Learning From

While striving to meet the security needs of customers, Amazon Cloud Technology's own "Job Zero Security Culture" is also well worth learning from for other companies. Chen Xiaojian pointed out that security is not only a technical issue, but also a management issue. The "Job Zero Security Culture" of Amazon Cloud Technology is to take security as the company's highest priority and to implement it throughout the entire enterprise.

1. Job Zero: Amazon Cloud Technology's Job Zero security culture regards security as the responsibility of everyone in the company. The first thing to do before doing any work is security work, and security is the highest priority. Amazon Cloud Technology holds a security meeting every week. The CEO of the company attends in person, and the heads of the various businesses also meet regularly to ensure business needs and focus on security issues.

2. Automation tools: Amazon Cloud Technology is good at improving efficiency and competitiveness through automation tools, reducing security resistance, embedding security in the entire development process, and reducing the impact on business. By using different tools for basic or complex issues, developers can clearly understand the security boundary, making the development process more secure and reviews more efficient.

3. Set security indicators: Amazon Cloud Technology also sets different security indicators for different teams of the company. For example, for the product team, the metrics look at what good security suggestions it has put forward and which security features it has promoted; for the security team, the metrics look at how many new product releases it has promoted and how much it has shortened the time spent on launching new products.

4. Security ambassador mechanism: Amazon Cloud Technology has set up a security ambassador team mechanism, combining security professionals with the day-to-day product and service teams in different proportions and bringing security technologies and concepts to each product and service team, thereby integrating the security concept with the work of each team.

New products and features released by re:Inforce

In order to provide customers with better security protection, Amazon Cloud Technology has been continuously enriching its security services and functions according to customer needs. For example, in the field of encryption, in order to cope with the rapid development of quantum computing in the future, Amazon Cloud Technology has launched a hybrid post-quantum key exchange, which provides a quantum-safe key exchange algorithm for Amazon Key Management Service (Amazon KMS), Amazon Certificate Manager and Amazon Secrets Manager. In addition, Amazon Cloud Technology also uses automated reasoning to detect possible security risks and configuration errors through the application of data logic, providing higher guarantees for the security of the cloud itself and in the cloud, and promoting the development of provable security.

At this year's re:Inforce, Amazon Cloud Technology also released a series of new products and new features, the most notable of which are:

1. Amazon Identity and Access Management (Amazon IAM) Roles Anywhere: This service makes it easier for customers to use IAM roles for applications outside of Amazon Cloud Technology, and to set temporary credentials for workloads such as local servers, containers, and applications. This eliminates the need for customers to create and manage long-term credentials, reduces operational costs and complexity, and improves the security of customer workloads.

2. Amazon Detective for Elastic Kubernetes Service (Amazon EKS): This service extends the data sources covered by Amazon Detective to Amazon EKS, helping customers analyze, investigate and identify potential security issues or suspicious Kubernetes activities on Amazon EKS clusters, identify root causes, and take quick action to resolve issues and improve security.

3. Amazon GuardDuty Malware Protection: This service helps customers detect malware running in their cloud environments without deploying security software or agents.

4. Amazon Config has added a compliance score function: The newly added compliance score function displays the degree of compliance of a customer's resources as a percentage, helping customers to gradually compare and solve compliance problems.

Initiatives for the Chinese market

When talking about Amazon Cloud Technology's initiatives in China's security market, Chen Xiaojian revealed that there are two main aspects:

1. Stronger Together: Compared with foreign customers, Chinese customers have their own unique security compliance requirements and environment. Through in-depth communication with customers, Amazon Cloud Technology found that Chinese security customers are particularly concerned about privacy protection, cross-border data, and cloud security construction. Therefore, Amazon Cloud Technology also launched a Stronger Together feedback mechanism for the Chinese market. We hope to help more Chinese customers solve the most difficult problems of cloud security compliance, have better security strategies, and help their cloud business develop smoothly.

2. CISO Dialogue: As the information security officer on the cloud, the CISO bears a huge responsibility, not only to ensure the security of customer business on the cloud, but also to solve all the security threats they face and help the enterprise build a security reputation. Therefore, starting from 2022, Amazon Cloud Technology will hold CISO dialogues in China to discuss security management, culture and technology, so that security and compliance will no longer be an obstacle to the rapid growth of business on the cloud. The purpose of the CISO dialogue is to create a platform for communication between customers and vendors, to share the experience and practice of Amazon Cloud Technology in security compliance, and to learn the specific demands of customer CISOs in terms of cloud security, compliance, and operation and construction, along with the problems they need solved.

"The security situation on the cloud is changing all the time and changing with each passing day. We must have forward-looking thinking, maintain keen insights, and continuously provide customers with security protection that is as ubiquitous as water and air. Amazon Cloud Technology always regards security as the highest priority. We will implement security as a culture throughout the entire enterprise operation of Amazon Cloud Technology. We will accelerate the implementation of security concepts, new security services and functions in China, and work with Chinese customers to solve the tough challenges of security and compliance on the cloud, escorting their business innovation on the cloud," Chen Xiaojian said.

Origin blog.csdn.net/ZabeNbRdit36243qNJX1/article/details/126534811