Title
AWS re:Invent 2022 - [NEW] Introducing AWS Verified Access: Secure connections to your apps (NET214)
Summary
- AWS introduced a new service called Verified Access, which allows secure connections to corporate applications without the need for VPNs.
- Verified Access is built on AWS Zero Trust principles, offering a wide array of connectivity choices and enhanced security.
- The service simplifies policy management, allowing policies to be managed in one place and enabling quick application additions and policy changes.
- Verified Access logs each access request, providing valuable data for troubleshooting, audit, compliance, and security investigations.
- AWS is building an open ecosystem with partners for identity providers, device management, contextual signals, and managed connectivity solutions.
- The service supports integration with major identity providers and device security providers using standard protocols.
- Verified Access uses a new policy language called Cedar, which is expressive, supports static analysis and debugging, and is fast enough for real-world use.
- The service is integrated into the VPC console, and users can create instances, trust providers, groups, and endpoints to connect to their applications.
- Pricing for Verified Access is based on application hours and data processing, allowing for a gradual migration to Zero Trust.
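An added Cedar policy illustrating the kind of identity-plus-device rule the talk describes (example written for this summary, not code from the session or from AWS); it assumes two trust providers created with policy reference names "idp" and "device", and the claim and attribute names under them are assumptions rather than a fixed schema.

```cedar
// Verified Access exposes each trust provider's data to the policy as
// context.<policy reference name>; "idp" and "device" are assumed names.
// Guard with `has` first: in Cedar, reading an attribute that is absent is an
// error, and a policy that errors is skipped rather than silently satisfied.
permit(principal, action, resource)
when {
    context.idp has email_verified && context.idp.email_verified == true &&
    context.idp has email && context.idp.email like "*@example.com" &&
    context.idp has groups && context.idp.groups.contains("finance") &&
    context.device has risk && context.device.risk == "LOW"
};

// forbid always overrides permit in Cedar, so a device the posture provider
// flags as compromised is blocked no matter which user is signed in.
forbid(principal, action, resource)
when {
    context.device has compromised && context.device.compromised == true
};
```

Because every decision is evaluated against the live context, a change in device posture is enforced on the next request without any change to the application.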
Insights
- AWS Verified Access represents a significant shift from traditional VPN-based connectivity to a Zero Trust model, focusing on continuous validation of identity, device posture, and real-time contextual signals.
- The introduction of Verified Access could potentially reduce the complexity of managing multiple policies across different teams, as it centralizes policy management and applies real-time contextual access controls.
- The Cedar policy language is a strategic move by AWS to provide a more suitable tool for writing security policies that involve third-party data, which could not be effectively handled by existing policy languages like Balsa.
- AWS's approach to building an open ecosystem with partners for Verified Access indicates a commitment to interoperability and customer flexibility, allowing users to continue using their existing security systems while adopting Verified Access.
- The detailed explanation of how Verified Access works, including the creation of instances, trust providers, groups, and endpoints, provides a clear roadmap for customers interested in implementing the service.
- The pricing model for Verified Access encourages adoption by charging based on application hours and data processing, which could be attractive for organizations looking to transition to Zero Trust without incurring significant upfront costs.
- The integration of Verified Access with AWS Identity Center and support for OIDC connections demonstrates AWS's focus on seamless identity management and secure access across its services.
- The use of an isolated execution environment for Cedar policies enhances security by limiting the attack surface and ensuring that policies are strictly evaluated before proxying requests to the target application.
- The support for logging in OCSF standard schema facilitates easier consumption and analysis of logs by security teams and compliance with audit requirements.
- The presentation at AWS re:Invent 2022 indicates that AWS is actively seeking feedback from customers to further refine Verified Access and its features, showing a customer-centric approach to product development.