How AWS is redefining cloud security: Key takeaways from re:Inforce 2025
AWS re:Inforce unpacked: Learn how Amazon is advancing cloud security with AI and what your cybersecurity strategies need for today’s threats.
Jun 17, 2025

AWS kicked off their annual cybersecurity conference re:Inforce with a keynote from Amy Herzog, AWS Vice President and Chief Information Security Officer (CISO). Get the highlights from her talk, including the latest product announcements and how AWS is balancing AI innovation and security.
AWS re:Inforce announcements: Organizations need a cybersecurity foundation across 4 key areas
The pace of tech change isn’t slowing down. If anything, it’s speeding up, and it can feel like security and innovation are at odds with each other. But a secure foundation actually enables innovation.
“Everything starts with security,” said Amy during her AWS re:Inforce keynote.
No matter what your organization is working on, you need a secure foundation, guardrails, and trusted tools to get there. And having a secure foundation across these four categories will often get you there faster:
- Identity and access management (IAM)
- Monitoring and incident response
- Data and network protection
- Migration and modernization
1. Identity and access management (IAM): Implementing security best practices
Identity and access management is all about trust: knowing with confidence who has access to your systems and what they can access.
Amy’s top IAM tips? Use the principle of least privilege, replace long-term credentials with temporary ones, and always use MFA.
Takeaways:
- AWS Identity and Access Management (IAM) Access Analyzer includes a new feature called Internal Access Findings. This feature gives organizations greater visibility into who has access to critical resources. It also shows both internal and external access in one unified dashboard so security teams can more easily manage access controls. Learn more about Internal Access Findings.
- AWS IAM now requires MFA for root users across all account types. Learn more about MFA in AWS IAM.
- Amazon Inspector now includes a new feature called code security capabilities. This feature helps you view the security health of your code and identify vulnerabilities and misconfigurations. Learn more about Amazon Inspector code security capabilities.
- Amazon Verified Permissions now offers verified-permissions-express-toolkit, allowing you to quickly implement external fine-grained authorization for Express.js web application APIs. Learn more about securing Express application APIs with Amazon Verified Permissions.
2. Monitoring and incident response: Expanding AWS security capabilities
Monitoring is a critical part of cybersecurity, but it can be challenging to know what to monitor. As Amy said, “You can’t protect what you can’t see.”
And even when issues are flagged, alert fatigue can cause critical warnings to be ignored.
To address these challenges, Amy announced an expanded version of GuardDuty Extended Threat Detection and the new AWS Security Hub, now in preview.
Takeaways:
- GuardDuty Extended Threat Detection now includes coverage for Amazon EKS clusters. Learn more about EKS coverage in GuardDuty.
- The new AWS Security Hub makes it easier to prioritize security issues and respond at scale with additional correlation, contextualization, and visualization capabilities. Learn more about the new AWS Security Hub.
- The AWS Managed Security Service Providers (MSSP) Competency now includes new categories to help you find partners for specific needs faster. These new categories include infrastructure security, workload security, application security, data protection, identity and access management, incident response, and cyber recovery. Learn more about the new AWS MSSP categories.
3. Data and network protection: AWS cybersecurity updates
“You shouldn't have to choose between digital sovereignty and innovation,” said Amy.
The AWS Digital Sovereignty Pledge highlights this, promising control over data location, resilience of the cloud, verifiable control over data access, and the ability to encrypt everything everywhere.
AWS made a few product announcements in line with this pledge, including exportable public certificates with AWS Certificate Manager and simplified experiences in AWS Shield and AWS WAF.
Takeaways:
- AWS Certificate Manager (ACM) now allows exportable public certificates. You can now export ACM-issued public certificates and their private keys for use inside and outside AWS. Learn more about exportable certificates in ACM.
- AWS Network Firewall now includes a new managed rule group called active threat defense to protect against active threats relevant to AWS workloads. Learn more about this new rule group in AWS Network Firewall.
- AWS Shield’s new network security director makes it easy to spot missing or misconfigured network security services and recommends remediation steps. Learn more about AWS Shield network security director.
- AWS WAF now has a simplified console experience that makes it easier to optimize web application security with simpler configuration, protection, and recommendations. Learn more about AWS WAF's new console experience.
- Amazon CloudFront now has simplified onboarding, fast-tracking CDN setup and making it easier to manage multiple services like AWS Certificate Manager, Route 53, and AWS WAF within the CloudFront console. Learn more about CloudFront's simplified onboarding experience.
- AWS Backup now offers Multi-party approval for logically air-gapped vaults. This allows you to access your backups even if you can’t access your AWS account. Learn more about Multi-party approval for AWS Backup.
4. Migration and modernization: The latest in cloud security and shared responsibility
Migrating to the cloud takes more than a lift-and-shift approach. It’s about full-scale modernization. And when it comes to securing the cloud, Amy said, “Success hinges on understanding the shared responsibility model.”
For customers, part of that responsibility is performing regular patching at all layers of their tech stack. It should be an ongoing process that’s part of your security practices.
AWS makes it easier with built-in security controls for services like AWS Lambda, Amazon S3, and AWS Key Management Service that AWS continuously patches and maintains.
Amy’s final thoughts: Balancing AI innovation and security
Amy ended her keynote by reiterating the importance of strong security fundamentals for innovation. Security shouldn’t be a barrier—it should be an enabler that allows teams to experiment, build, and ship with confidence.
“A secure foundation doesn’t slow you down, it speeds you up,” she said.
Build AWS and security skills
Accelerate your initiatives with our hands-on skill development platform for cloud, security, and tech skills. Learn more about Pluralsight available on AWS Marketplace.