AWS re:Invent Delivered Lots of Excitement and News, Yet Security Awareness Lags for Some

December 8, 2017 Chris Smith


Last week, I joined about 40,000 people at AWS re:Invent. While clearly AWS-focused, the conference has become the leading cloud, and maybe even the leading infrastructure, event. With information on cloud and DevOps in sessions and on the show floor, it was great to be there. There was also the bonus of having the Gartner Identity and Access Management (IAM) Summit in Vegas during the same week, and I’ll include some details on that below.

Demoing New Capabilities

Product management, product marketing and our systems engineers took the opportunity to talk to many developers and IT professionals at re:Invent, and we gained helpful insights about some of the immediate and emerging security challenges that customers face and want CyberArk to address. More to come on that in 2018. We also got very positive responses from our demo of the Conjur secrets management solution for DevOps, especially showing off the UI and then switching into code. There was a lot of interest in the Open Source version. We also demoed our integrations with AWS, including the CyberArk Amazon Machine Images (AMI) and Cloud Formation Templates (CFT), and the recently announced integration of the Enterprise Password Vault with AWS CloudWatch that automatically on-boards SSH keys for newly created instances.

Security Is a Priority – But Not Everyone Is Addressing It

While there was significant emphasis on security at the event, AWS continues to emphasize the shared responsibility model. AWS announced several enhancements to its identity and security offerings, but it struck me that there are still some major, unaddressed gaps in cloud and DevOps security awareness and needs. Moreover, even heightened awareness of the vulnerabilities does not always drive remedial action.

The good news, for you, is that if you’re reading this post you probably know CyberArk, in which case you are likely already ahead of many of your peers. I had the opportunity to speak to several very knowledgeable and savvy developers and cloud engineers at re:Invent. My impression was that while there is tremendous interest in learning more about securing cloud workloads and DevOps environments, many organizations have a long way to go. For example, I spoke with several people who still hardcode credentials, secrets and access keys; others are stringing together multiple tools and environments to store their secrets. These security gaps are significant. But, if you’ve evaluated the Conjur Community Edition (available at no cost), or if you already use CyberArk Conjur, CyberArk Enterprise Password Vault or other CyberArk solutions, you are likely on the right track to address your organization’s cloud and hybrid security concerns. If not, please reach out to us.

Expanding AWS Capabilities

No surprises here, but AWS continues to aggressively expand its platform and offerings, including several developer-focused offerings, APIs, and integrated tools such as the browser-based AWS Cloud9 Integrated Development Environment (IDE), and the expansion of AWS Lambda serverless computing capabilities. AWS also announced significant expansion of its Machine Learning (ML) capabilities with Amazon SageMaker and Artificial Intelligence (AI) capabilities with AWS Rekognition as well as video analysis for live streaming and translation services (which tie back to ML and AI). These initiatives aim to make powerful ML and AI capabilities accessible to developers across a range of organizations. While these new AWS capabilities have some of the same security needs as other cloud-based services (S3, EC2, etc.), they each likely require vast amounts of data, which IT and security professionals will need to protect. Innovative companies will leverage these capabilities to offer new services, and of course, AWS is motivated to increase adoption of cloud-based services. These new capabilities have the potential to accelerate an enterprise’s cloud journey, but they may also expose new security needs to address. Our goal is to be ready for you at each stage of your cloud journey.

For more detail on the developer highlights, refer to “AWS re:Invent Recap – Amazon Lures Developers With New Tools And APIs” by Janakiram MSV — published in Forbes.

Gartner IAM

Cloud and DevOps topics were also front and center at the Gartner Identity and Access Management (IAM) Summit. Attendees explored how both market and technology forces are shaping the future of IAM, and participated in deep dives on topics ranging from analytics and blockchain, to artificial intelligence and microservices. A few of the highlights included a session by Gartner Research Director Felix Gaehtgens, “Manage Privileged Access to Reduce Security Risks and Increase Agility,” that covered privileged access management (PAM) fundamentals, an overview of available tools and a peek at technologies along the PAM maturity curve. Additionally, Research VP Lori Robinson’s session, “Protect the Keys to the Kingdom! Secure Privileged Access in an IaaS Environment,” honed in on privileged access as an essential security control in IaaS environments for risk mitigation.

A colleague and I presented “CyberArk: Privileged Related Risks Lurking in Your Cloud? Halt Stealthy Threats” at the Summit. The slides are available here.

Making Security a Priority

Bottom line – it was a very enlightening and productive week in Vegas with the two conferences, where it was clear that identity and security for cloud and DevOps will continue to be a top-of-mind priority for enterprises. On a side note, at the parent-teacher conference I attended this week, I discovered my high school senior’s programming class uses the AWS Cloud9 development environment – no surprise, but security isn’t yet on their agenda. I think (hope) we all know it needs to be on the top of ours!

For additional information, please visit, or to download the open source edition of our secrets management solution visit

