Recommended reading

AWS just hit a major cloud security milestone - and it could be a win-win for businesses everywhere

News
By published

AWS says it now has 100% MFA coverage for root users

AWS logo
(Image credit: Future / Mike Moore)
  • AWS has managed to enforce MFA for 100% of root users
  • The achievement is a great advancement for the AWS cloud platform
  • More major security announcements were made at re:Inforce

Amazon Web Services (AWS) says it has managed to get 100% of root users to enforce multi-factor authentication across all account types.

The news represents a significant milestone in security posture, with AWS fully meeting its past commitment to enforce the use of MFA for management and standalone accounts with root access.

Chief Information Security Officer Amy Herzog made the milestone announcement at the company's AWS re:Inforce conference, stating, “I'm so happy to say that we now have 100 percent MFA enforcement for root users.”

AWS continues voluntary commitments

As an achievement on its own, this is major, but what makes it even more impressive is that the 100% MFA root user account milestone is part of AWS’ voluntary commitments to the Cybersecurity and Infrastructure Security Agency (CISA) Secure By Design initiative.

Multi-factor authentication has become a key part of most organizations' security structure, offering a phishing resistant verification method that can stop an attacker in their tracks even if they’ve got their hands on a stolen username and password.

This wasn’t the only significant security announcement made at re:Inforce though – as AWS also announced some significant new feature that has been added to the platforms Identity and Access Management hub. Within the Access Analyzer, you can now check which users have access to critical resources on a central dashboard.

The AWS Security Hub now offers notifications and signals ranked by their significance to help security teams deal with the most pressing issues first.

“For example, Security Hub can combine the multi-stage threats detected by GuardDuty Extended Threat Detection with other signals like vulnerabilities, and prioritize critical security issues and help you simplify your overall cloud security operations across your entire organization,” Herzog said.

Additionally, GuardDuty Extended Threat Detection now offers support for container-based applications running on Amazon Elastic Kubernetes Service.

AWS Shield has also been boosted with a new network security director that looks for misconfigurations on the network that could be exploited during a distributed-denial-of-service attack, or SQL injection.

You might also like

TOPICS
Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.