BOSTON — AWS used its inaugural security conference to address a persistent issue for its users: cloud misconfigurations.
At AWS re:Inforce, the cloud giant and several of its top customers weighed in on misconfigured settings, which have resulted in several high-profile cloud data exposures in recent years. The AWS misconfigurations have affected a broad range of organizations — from private enterprises, like Verizon, to government agencies, such as the Pentagon.
AWS has made incremental changes to its services and security features to curb such data exposures, including the ability to block public access for all S3 resources within an organization. Bill Shinn, senior principal in the office of the CISO at AWS, said the company has tried to provide “deep and simple visibility” to customers about their configurations and security settings to meet the governance challenges.
“Everything in AWS is secure by default,” he said. “There are valid use cases for making S3 buckets public, but making it incredibly obvious when those configurations are happening was important.”
In addition to those changes, the cloud provider used AWS re:Inforce as an opportunity to tout new and…
