AWS re:Invent 2018: DivvyCloud’s Key Takeaways

DivvyCloud was proud to be a sponsor of AWS re:Invent 2018 where we shared how we deliver continuous security and compliance for AWS and Kubernetes (along with Azure, GCP, Alibaba Cloud) to customers like Twilio, 3M, Autodesk, General Electric, and Fannie Mae.

One of the high points of re:Invent was when AWS CEO Andy Jassy took the stage and made it very apparent that AWS is moving full steam ahead.  Jassy spoke on the new AWS security tools, AWS Outposts, machine learning strategies, as well as Amazon’s new headquarters, one of which is only a couple of miles away from our office in Arlington, Virginia.

Here are four announcements we wanted to highlight in case you missed them or wanted to learn more:

  • AWS Outposts: AWS made a big push into the hybrid cloud space with Outposts, which brings native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility. This is a fascinating initiative for many reasons. Many companies and projects have tried to bring public cloud functionality into private data centers, from Eucalyptus (now defunct, after being acquired by HPE, and later passed to AppScale) to OpenStack. This only reinforces the simple fact – for real cloud convenience, the hardware and software have to work together. But why would customers embrace Outposts? Despite strong innovation in the security space, going to the point where many people feel that public cloud is more secure than private data centers, there is still a perception amongst many enterprises that core intellectual property (often called the “crown jewels”) belongs on hardware that the enterprise can own and touch. Also, there are situations of data gravity where the transit costs and times to and from public cloud are not practical.
  • AWS re:Inforce: The first AWS security conference, AWS re:Inforce 2019, was announced. The event is being billed as “a hands-on gathering of like-minded security professionals,” and will take place in Boston, MA on June 25th and 26th, 2019 at the Boston Convention and Exhibition Center. The cost for a full conference pass will be $1,099. Attendees will get a deep dive into the latest approaches to security best practices and risk management utilizing AWS services, features, and tools. DivvyCloud will be there talking about how our software helps our customers consistently and effectively use AWS security and management tools. During the conference, AWS will offer multiple content tracks designed to meet the needs of security and compliance professionals, from executives to security engineers, and everything in between.
  • AWS Security Hub: Available now in preview, this service allows AWS customers to centrally view and manage security alerts and automate compliance checks within and across AWS accounts. Importantly, it will aggregate security findings from AWS and partner services and present you with built-in and customizable insights that are unique to your environment. Security Hub will be an excellent tool for customers running only in AWS who want to gain a consolidated view of alerts and checks across their environment and have a base level of requirements. For advanced and enterprise customers looking for multi-cloud capabilities, integration with existing systems like Splunk and ServiceNow, and automated multi-cloud remediation, there is DivvyCloud.
  • AWS Control Tower:  AWS Control Tower is now available in limited preview.  This new service helps you automate the set-up of a well-architected multi-account AWS environment based on best practices, and also guides you through a step-by-step process to customize Control Tower to your organization. It will automate the creation of an AWS Landing Zone with best practice blueprints including:

    • Configuring AWS Organizations to create a multi-account environment
    • Federating access using AWS Single Sign-On
    • Centralizing logging using AWS CloudTrail and AWS Config
    • Enabling cross-account security audits using AWS IAM
    • Implementing network design using Amazon VPC
    • Defining workflows for provisioning accounts using AWS Service Catalog

    Guardrails (a term that DivvyCloud has been championing for years), both mandatory and recommended, will be available for high-level, rule-based governance. Customers will also have access to an integrated dashboard where they can review accounts provisioned, the guardrails that are enabled, and compliance status.  This will be a great entry-level tool that will be perfect for many of the customers who today operate only in AWS and have fairly straightforward requirements. 

What does DivvyCloud think about the new AWS security tools?

The security tools are a very positive sign that AWS is taking the enterprise concerns seriously. As customers expand their cloud footprint, often embracing a multi-account strategy to limit blast radius or segregate workloads for chargeback, the complexities of multi-account management come to the front of mind. These tools help to alleviate that experience.

However, what about the modern enterprise that is cloud agnostic, multi-cloud for either workload or strategic reasons? We believe that this reinforces DivvyCloud’s mission – providing a central, unified, policy-driven approach to automated real-time security across all public clouds. We also think that Security Hub is a great start, but it doesn’t address the needs of the most complex organizations, whose security and compliance standards are built not only on best practices like the CIS Benchmarks but also on regulatory standards like HIPAA, NIST, PCI, FedRAMP, and GDPR, as well as on internal corporate standards. Customers need to leverage a broad library of tools to build their own security policies.

What about outside of the areas of infrastructure and security?

AWS continues to reinforce its position as the most customer-centric company in the world. The additional services, ranging from storage, to compute, to data lakes, machine learning and much, much more are all aligned around new customer use cases and workloads. Admittedly, some services launch with a very narrow set of capabilities, but Amazon has proven its ability to iterate quickly and broaden to meet market demand. Case in point is the expansion of a previous re:Invent highlight, AWS Lambda, to include support for all coding languages.

As the conference progressed, we engaged with many customers to discuss their security requirements, and one other theme that emerged from those conversations was that their needs are real-time and they are often absolute. This means that simply finding problems is often necessary, but not sufficient. They need the ability to leverage an automation library to remain secure and within their guidelines – continuous compliance.

There were many other announcements, and AWS has handily provided a summary of the launches, previews, and pre-announcements from Andy Jassy’s keynote.

So, are you ready to see how DivvyCloud can simplify your cloud environment, optimize your resources, provide new insights, and automate your security policy? Get your free 30-day trial of DivvyCloud, or speak with a DivvyCloud expert to get started today.

DivvyCloud minimizes security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes).  First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.