AWS is fortifying its defences through an overhauled security competency program. Ryan Orsi, a leader in AWS’s Cloud Foundational Services Partners team, shed light on the recent enhancements during an insightful conversation.
The revamped security competency now caters to both security software companies and service providers, a strategic move that recognises the diverse needs of AWS’s vast partner ecosystem. However, the real game-changer lies in the introduction of eight new categories meticulously crafted to address emerging threats and cutting-edge technological advancements, such as the rise of generative AI and the burgeoning field of quantum computing.
No ad to show here.
“Since then, you know, we’ve had the rise of Gen AI. You know, there’s been a bigger focus on quantum computing and all those things. Have those competency program categories evolved as well?” I asked Orsi. “They have,” Orsi remarked, underscoring the program’s adaptability to the rapidly shifting security landscape.
One category that has garnered significant attention is “Threat Detection and Response.” As Orsi elucidated, this category delves deep into the intricate nuances of detecting and mitigating threats posed by generative AI, a revolutionary technology that has captured the imagination of the tech world and carries profound implications for cybersecurity. “Maybe database security is suddenly cropping up as a point of issue, or maybe, for threat detection, and particularly people have been interested in how they detect a generative AI based threat on, like, the reconnaissance side of the cybersecurity kill chain,” he noted, highlighting the pressing need to stay ahead of evolving AI-powered threats.
Underpinning these meticulously crafted categories are 128 painstakingly curated “use cases,” each accompanied by a comprehensive suite of resources, including detailed reference architectures, code assets, and cutting-edge training modules. These resources are strategically designed to empower AWS’s partners, equipping them with the knowledge, tools, and expertise to tackle real-world security challenges head-on.
Orsi emphasised the collaborative nature of this endeavour, highlighting the invaluable involvement of AWS’s partner advisory board and the incorporation of customer feedback from across the globe. “It’s being fed from, you know, our true, you know, our true roots of being customer obsessed,” he said, underscoring the program’s unwavering commitment to a customer-centric approach that drives continuous improvement and innovation.
Recognising the complexities of modern security challenges, AWS has intentionally left room for its partners to innovate and extend the native security services beyond AWS’s own finite engineering resources. “We believe in the concept of in certain, very, challenging complex security, let’s say, use cases in this in this particular context, let’s not try to solve the entire problem on our own with a finite amount of AWS engineers,” Orsi explained. This strategic approach amplifies the collective brainpower and expertise focused on tackling even the most daunting security challenges.
The program’s emphasis on open source security is also noteworthy. Orsi lauded the Open Cybersecurity Schema Framework (OCSF), a collaborative effort aimed at standardising log file formats, a long-overdue step towards streamlining security analysis and response. He also highlighted the seamless integration of open source tools in incident response and digital forensics, underscoring AWS’s commitment to leveraging the power of the open source community.
Moreover, AWS has introduced a dedicated cyber insurance competency, a forward-thinking initiative that acknowledges the growing need for quantifying and mitigating business risks associated with security breaches. “We believe, and we know, I should say, that the customers around us in in in this world, they need the board of directors, the c level executive suite, they need a connection to reduction in quantified business risk to investment in good security behaviour,” Orsi stated. This innovative approach not only enables organisations to assess their security posture more accurately but also incentivises them to adopt best practices by tying premiums to their risk profiles.
As the digital landscape continues to evolve at a breakneck pace, AWS’s fortified security competency program positions the company and its partners at the forefront of cloud security innovation. By fostering collaboration, leveraging the power of open source resources, and proactively embracing emerging technologies like generative AI and quantum computing, AWS aims to fortify the defences of its customers against an ever-increasing array of cyber threats, ensuring their cloud environments remain secure and resilient in the face of constant change.
Read next: Google leverages AI to combat threats in digital advertising