Next year, Amazon Web Services customers signing into the AWS Management Console with a root user account will be required to enable multi-factor authentication to proceed.
“This certainly shows a security-first mindset,” said Michael Soule, national director of enterprise architecture and innovation at AWS partner Sentinel Technologies. “Use of MFA on emergency access accounts has been challenging given their shared nature. However, AWS offers good options to support this change, allowing up to eight MFA devices and supporting FIDO security keys, such as Yubico.”
Beginning in mid-2024, customers signing into the AWS Management Console with the root user of an AWS Organizations account will be required to enable MFA to enter.
[Related: Oracle, Microsoft, SAP, Workday Lead Cloud ERP Market: Gartner]
The AWS Management Console is a web application comprised of a broad collection of service consoles for managing AWS resources. The console’s home page provides access to each service console and offers a single place to access the information customers need to perform their AWS related tasks.ADVERTISEMENT
Steve Schmidt, vice president of security engineering and chief security officer at Amazon, said the company will expand this program throughout 2024 to additional scenarios—such as standalone accounts outside an organization in AWS Organizations—as AWS release features that make MFA even easier to adopt and manage at scale.
“Verifying that the most privileged users in AWS are protected with MFA is just the latest step in our commitment to continuously enhance the security posture of AWS customers,” said Schmidt in a blog post today.
Customers who must enable MFA will be notified of the upcoming change through multiple channels, according to AWS, including a prompt when they sign into the console.
‘Security Is Our Top Priority At AWS’
Amazon’s Schmidt said “security is our top priority at AWS.”
“MFA is one of the simplest and most effective ways to enhance account security, offering an additional layer of protection to help prevent unauthorized individuals from gaining access to systems or data,” said Schmidt.
The $85 billion worldwide cloud market share leader has been investing in cloud security including new products and features as well as in new partner programs.
In June, AWS launched a new Cyber Insurance Program that guarantees customers a security insurance quote within two days, tied with massive revenue opportunities for the channel.
The program is aimed at helping AWS customers improve their security posture and get insured as quickly as possible—streamlining the sometimes-painstaking process of getting a customer the cybersecurity insurance it wants or needs.
Sentinel Technologies, a Downers Grove, Ill.-based top security solution provider, said it’s thankful that AWS is consistently striving to improve customers security posture. “The AWS teams provide guidance on how to operate securely from their user guides to the well-architected framework,” said Sentinel Technologies’ Soule.
In late 2022, AWS launched support for customers to register up to eight MFA devices per account root user or per IAM user in AWS, creating additional flexibility and resiliency for your MFA strategy.
“While the requirement to enable MFA for root users of Organizations management accounts is coming in 2024, we strongly encourage our customers to get started today by enabling MFA not only for their root users, but for all user types in their environments,” said Amazon’s Schmidt.LEARN MORE: Cloud Security | Cybersecurity | Endpoint Security
Mark Haranas is an assistant news editor and longtime journalist now covering cloud, multicloud, software, SaaS and channel partners at CRN. He speaks with world-renown CEOs and IT experts as well as covering breaking news and live events while also managing several CRN reporters. He can be reached at [email protected].
RELATED CONTENT
Google Hires 5 New Execs From AWS, Databricks: Here’s WhoHybrid Cloud Fast Tracks Put Ingram Micro Partners On The Road To SuccessHPE Restructuring: New Hybrid Cloud Business Unit, Executive Reassignments, DeparturesGoogle Cloud CEO On AI At Goldman Sachs Event: ‘We Have A 10-Year Head Start On Any Competitor’Microsoft Cloud Tools Vendor SkyKick Confirms Layoff Of 140 Employees TO TOPADVERTISEMENT
TRENDING STORIES
- Google Hires 5 New Execs From AWS, Databricks: Here’s Who | CRN
- Palo Alto Networks Unveils Big Upgrades To Partner Profits, Sales Rep Incentives | CRN
- Oracle, Microsoft, SAP, Workday Lead Cloud ERP Market: Gartner | CRN
- 10 Hot New Cloud Security Tools In 2023 | CRN
- Intel Hits Key Chip-Making Milestone In Gelsinger’s Comeback Plan | CRN