CIS Team Highlights from AWS re:Inforce

The CIS® team had a great experience at AWS re:Inforce from June 25-26, 2019 in Boston, MA. As AWS’ inaugural security conference, re:Inforce brought together cloud security, identity, and compliance experts. Attendees participated in the Security Learning Hub with leaders in cloud infrastructure and hardening, as well as hundreds of technical sessions. Keep reading for highlights from our team members.

Rich McGraw: Account Executive, Cloud Security

AWS re:Inforce was the first cloud security conference held by AWS – which provided outstanding exposure for the CIS mission. During the keynote, AWS CISO Steve Schmidt recommended following CIS Benchmarks™ in their newly announced Security Hub. The Security Hub launch page recommends following the CIS AWS Foundations Benchmark to improve compliance with automated checks. In addition, AWS is encouraging organizations to explore the AWS Marketplace where CIS Hardened Images™ are found.

I met with several CIS members to discuss strategies to help them start secure and stay secure using CIS Hardened Images. CIS member feedback focused on operational efficiency gained by using CIS Hardened Images. Securing production workloads at scale is massively simplified by starting with secure images that are continually refreshed. CISOs have confidence in shifting workloads to the cloud knowing CIS Benchmarks are being followed. Conversations quickly evolved into what we are offering next to help them on their cloud journey.

Members are looking for affordable methods of procurement as workloads rapidly shift to the cloud. To keep our community secure, CIS can offer our Hardened Images through a Private Offer executed in the AWS Marketplace. A private offer is custom pricing for those deploying at scale.

Meg Keyes: Senior Vice President Sales & Business Services

AWS re:Inforce was the first cloud security conference held by AWS. There was tremendous representation of vendors focused in cloud security including many CIS SecureSuite® Vendor Members. At each of the vendor booths, member or not, you can see the CIS impact growing. Our team is always warmly received because the CIS Controls®, CIS Benchmarks, and CIS Hardened Images are being utilized and becoming more well-known. It is incredible to have AWS and CIS Vendor Members amplifying our message through the use of our resources. Through this conference the CIS team created many opportunities for relationship building and amplification of our mission.

Greg Carpenter: Product Owner, Cloud

AWS re:Inforce had a strong focus on the shared responsibility model for security between cloud service providers (CSPs) and customers. That message often resonated through the sessions on how AWS provides different layers of security and services to fulfill their side of the responsibility. The vendors then represented solutions for the consumer to streamline their share of the security model using the vendor-specific tooling and resources. To continue to drive the CIS mission, the team had numerous meetings with both consumers and vendors sharing new and existing opportunities CIS provides for the growth of cloud cybersecurity.

Scott Eiser: Director, CIS SecureSuite & Cloud Security

Having the opportunity to attend the first-ever AWS conference dedicated entirely to security and the theme that seemed to be most prevalent was the need for security to become an integral part of each and every aspect of an organization. Starting from culture and working its way down, security needs to be baked into the entirety of you development and operations. It was great to see how relevant CIS is to these conversations from the perspective of the vendors and end users in attendance, as well as AWS.

There was buzz around the CIS AWS Foundations Benchmark being a standard supported within the AWS Security Hub. CIS’ inclusion within the Security Hub was even highlighted during the keynote! I spoke with dozens of vendors that have incorporated (or want to incorporate) CIS Benchmarks and CIS Controls into their messaging.

A number of attendees expressed excitement when learning that CIS Hardened Images are available in the AWS Marketplace. This was the first show I’ve attended where the CIS name and reputation was known by the majority of folks I spoke with. Spreading our mission through marketing and outreach is resonating and is helping build more confidence in a connected world.

Sean Atkinson: Chief Information Security Officer

Cloud innovation is amazing, especially within AWS. The requirements for security are increasing to make the cloud a secure and viable option for the public and private sectors. The use of the CIS AWS Foundations Benchmark is seen as a standard approach to secure cloud computing environments. In combination with the new supporting log management and secure controls, this will provide for best practices to secure and increase the overall confidence in cloud infrastructure.

CIS provides guidance and control for systems and configuration management requirements. As a CIS employee, the number of mentions of our work and contributions to cloud security is astonishing. I attended a number of sessions and found over 80% mentioned CIS in some form or fashion.

It’s a great feeling to be part of the AWS community and leading the charge to more secure and controlled cloud systems. It was also satisfying to see how our work is used in so many different ways as a requirement for cloud security.

First, but not the last

re:Inforce 2019 kicked off what’s sure to be a long line of cloud security conferences for AWS. So what’s next? There’s certainly more to come on the shared responsibility model of cloud infrastructure security, and how vendors and users can work together to harden systems and data. What has been your favorite cybersecurity conference or workshop of 2019 to date? We’d love to hear about an interesting slide deck or valuable keynote. Tweet us @CISecurity and let us know!