Where to Catch CIS at AWS re:Invent 2019
AWS re:Invent is just around the corner and cloud enthusiasts will soon flood Las Vegas for a busy week of talking about what’s new with cloud technology. Keep reading to find out how you can connect with CIS from December 2-6, 2019 and learn about what’s new in cloud security at AWS re:Invent.
What to expect at AWS re:Invent
This year, attendees will hear from leading innovators on topics like cloud analytics, machine learning, and configuration security. There are also two cloud security sessions focused on compliance that you don’t want to miss. Between keynotes, workshops, and tons of fun activities like dodgeball and crafting, there’s a lot to choose from at AWS re:Invent!
In Focus: Cloud Security Compliance
Secure configuration is a must whether you’re working on premises or in the cloud. Some best practices are driven by a single organization’s perspective or bottom-line business objectives. The CIS Benchmarks are different. They’re the only consensus-developed configuration best practices both created and trusted by a global cyber defense community. The CIS Benchmarks are written, tested, and reviewed by cybersecurity experts from academia, government, and various industries such as finance and healthcare. They’ve been downloaded more than one million times this year alone.
The CIS AWS Foundations Benchmark is a good first step for configuring a subset of AWS services. These recommendations help any consumer of AWS meet their side of the shared responsibility model in their base account. CIS brings security to the cloud with CIS Hardened Images – OS, container images, and web apps that have been pre-configured to meet CIS Benchmark recommendations. Users of CIS Hardened Images have consumed more than 180 million machine hours through September of this year.
Staying current with the latest OS security updates is an essential part of a good cyber hygiene strategy. The CIS Benchmarks Community recently released new Benchmarks covering Microsoft Windows Server 2019, Red Hat Enterprise Linux 8, CentOS8, and Oracle Linux 8. CIS Hardened Images are available now or coming soon for these technologies. Read more on our blog.
Complying with CIS Benchmarks recommendations and using CIS Hardened Images can help your organization meet compliance requirements such as PCI, HIPAA, and FedRAMP. While the Department of Defense Cloud Computing Security Requirements Guide (SRG) references the CIS Benchmarks as acceptable to use in lieu of Security Technical Implementation Guides (STIGs), we have received feedback that hardening to the STIGs is still required in some environments. CIS has been hard at work to add this new option of configuration of a CIS Hardened Image based on STIGs. Stay tuned for more information at re:Invent!
Can’t-miss Security Sessions at AWS re:Invent
Ready to learn more about secure configuration in the cloud? Check out these sessions and webinars:
SEC342-R – Use AWS Security Hub to Act on Your Compliance and Security Posture
December 2, 10:45 AM PST – 11:45 AM PST
Speakers: Ely Khan, Principal PMT
Scot Ward, Principal Solutions Architect
In this chalk talk, Kahn and Ward discuss how you can continuously assess and act on security and compliance issues using AWS Security Hub. Learn how to enable compliance checks based on industry-trusted security best practices such as the CIS Benchmarks.
From DevOps to DevSecOps: Cloud, Security, and Compliance
December 4, 4:00 PM PST (also on demand)
Speakers: Gregory Carpenter, CIS
Brian O’Keefe, CloudCheckr
During this live panel discussion, we’ll explore the future of cloud security and DevSecOps. Tune in to gain expert insight into the challenges organizations are facing when it comes to security development in the cloud. With interactive Q&A, this is one you don’t want to miss! Register via BrightTALK at the link below.
WPS311 – How Public Sector Organizations Enforce Governance & Compliance
December 5, 2:30 PM PST – 4:45 PM PST
Speakers: Andrew Langhorn, Senior Solutions Architect
Lee Petford, Senior Solution Architect
This is a hands-on workshop in which Langhorn and Petford show you how to deploy common security best practices used by public sector organizations. Learn how your organization can deploy automated solutions to ensure compliance with the CIS Benchmarks security best practices.
Ask the Expert: Benchmarking the New Era of Cloud Insecurities
December 5, 2:30 PM PST – 3:00 PM PST (also on demand)
Speaker: Michelle Peterson, CIS
This one-on-one interview will cover the shared responsibility model for security in the cloud, and how the customer can do their part.
See you at Booth #1807!
Will you be at AWS re:Invent? Swing by the CIS booth #1807 to grab some swag and have a conversation with us. We’d love to discuss the opportunities and challenges of working in the cloud. Have questions about building a cloud security program? Let us show you how your organization can implement CIS Benchmarks for configuration security and leverage the CIS Hardened Images for improved cyber defenses. Interested in incorporating the CIS Benchmarks into your tools? We’d love to talk about that, too. Contact us if you’d like to set up a time to meet. Hope to see you there!