AWS Security Blog

Tag: Privacy

2021 AWS security-focused workshops

Every year, Amazon Web Services (AWS) looks to help our customers gain more experience and knowledge of our services through hands-on workshops. In 2021, we unfortunately couldn’t connect with you in person as much as we would have liked, so we wanted to create and share new ways to learn and build on AWS. We […]

Read More

Disaster recovery compliance in the cloud, part 2: A structured approach

Compliance in the cloud is fraught with myths and misconceptions. This is particularly true when it comes to something as broad as disaster recovery (DR) compliance where the requirements are rarely prescriptive and often based on legacy risk-mitigation techniques that don’t account for the exceptional resilience of modern cloud-based architectures. For regulated entities subject to […]

Read More

Disaster recovery compliance in the cloud, part 1: Common misconceptions

Compliance in the cloud can seem challenging, especially for organizations in heavily regulated sectors such as financial services. Regulated financial institutions (FIs) must comply with laws and regulations (often in multiple jurisdictions), global security standards, their own corporate policies, and even contractual obligations with their customers and counterparties. These various compliance requirements may impose constraints […]

Read More

How to securely create and store your CRL for ACM Private CA

December 14, 2021:The code in step #8 under Deploying the CRL solution has been updated to reflect new features preventing the confused deputy problem in AWS bucket policies. In this blog post, I show you how to protect your Amazon Simple Storage Service (Amazon S3) bucket while still allowing access to your AWS Certificate Manager […]

Read More

re:Invent – New security sessions launching soon

Where did the last month go? Were you able to catch all of the sessions in the Security, Identity, and Compliance track you hoped to see at AWS re:Invent? If you missed any, don’t worry—you can stream all the sessions released in 2020 via the AWS re:Invent website. Additionally, we’re starting 2021 with all new […]

Read More

re:Invent 2020 – Your guide to AWS Identity and Data Protection sessions

August 16, 2021: We’ve updated this post to include links to recordings of the sessions. AWS re:Invent will certainly be different in 2020! Instead of seeing you all in Las Vegas, this year re:Invent will be a free, three-week virtual conference. One thing that will remain the same is the variety of sessions, including many […]

Read More

Verified episode 2: A conversation with Emma Smith, Director of Global Cyber Security at Vodafone

Over the past 8 months, it’s become more important for us all to stay in contact with peers around the globe. Today, I’m proud to bring you the second episode of our new video series, Verified: Presented by AWS re:Inforce. Even though we couldn’t be together this year at re:Inforce, our annual security conference, we […]

Read More

Introducing the first video in our new series, Verified, featuring Netflix’s Jason Chan

The year has been a profoundly different one for us all, and like many of you, I’ve been adjusting, both professionally and personally, to this “new normal.” Here at AWS we’ve seen an increase in customers looking for secure solutions to maintain productivity in an increased work-from-home world. We’ve also seen an uptick in requests […]

Read More

How financial institutions can approve AWS services for highly confidential data

November 19, 2021: We made minor updates to this post, such as updating the number of services in scope for SOC compliance from 124 to 141. January 18, 2021: We made minor updates to this post, such as updating the number of services in scope for SOC compliance from 122 to 124. July 21, 2020: […]

Read More