Speaking at the AWS re:Inforce conference in Philadelphia last week, AWS CISO Chris Betz said it takes a “dedicated effort” to grow, evolve and maintain a culture focused on security as a top priority.
As Dan Raywood, senior editor at our sister site SC Magazine UK, reported, Betz said there is a culture across AWS, led by CEO Matt Garman, where security leaders are able to meet with individual service teams to discuss important security issues.
“After experiencing these meetings in person, I'm impressed by the impact they have on each and everyday work and as leaders, we all know that time is incredibly precious,” he said.
That same dedication to a culture of security is important for MSPs, especially as they become the front lines of the battle against an evolving cybersecurity threat landscape.
Cybersecurity Requires Developing New Habits
As Raymond reported, Betz went on to say that culture “is at the root” of developing new habits within an organization to prioritize security. “It's culture that drives us to design systems that are secure by design - not bolting it on after - and it's a culture that teaches us to empower the individuals and operate the business in a way allowing us to remain agile while distributing security throughout the organization,” he said.
Betz said that culture doesn't happen overnight, can take constant investment and begins with a single motivated individual. He later said that upon joining AWS, it was clear that security was the top priority, and in how processes and mechanisms were developed, and the “thoughtfulness and maturity at AWS was next level.”
To that end, also at re:Inforce, AWS announced its intention to push multi-factor authentication (MFA) out to users, with support added for FIDO2 passkeys.
Intended “to help customers align with their MFA requirements and enhance their default security posture,” this addition will help users - who already use passkeys on billions of computers and mobile devices, using only a security mechanism such as a fingerprint, facial scan, or PIN built in to their device.
Speaking to SC UK, Mark Ryland, director of Amazon Security says the intention is to provide a “somewhat more user-friendly convenient form factor” for users.
Finally, Raymond reported, in an announcement made June 11 at the re:Inforce conference in Philadelphia, AWS said as it expands its MFA capabilities, this support for FIDO2 passkeys as an MFA method is launched “to help customers align with their MFA requirements and enhance their default security posture,” Arynn Crow, senior manager of user authentication products for AWS Identity, said.
Acknowledging that customers already use passkeys on billions of computers and mobile devices across the globe, using only a security mechanism such as a fingerprint, facial scan, or PIN built in to their device, Crow said that same passkey can be used as your MFA method as you sign in to the AWS console across multiple devices.
Specifically, a passkey is a pair of cryptographic keys generated on your client device when you register for a service or a website. The key pair is bound to the web service domain and unique for each one.
Rather than replacing the password, the passkey adds a second factor authentication, to provide something you have in addition to something you know.
“AWS customers can now use the built-in authenticators on their phones and laptops to add cryptographically phishing-resistant credentials to their side of the experience,” Betz said.