AWS is introducing centralized security controls to help businesses adopt MFA


  • AWS is introducing a central management tool to AWS Organizations
  • The tool will allow security teams to manage root user access
  • Root sessions are also being introduced for short-term root access

AWS Identity and Access Management is helping businesses boost multi-factor authentication (MFA) adoption and organizational security by introducing a centrally managed security feature.

The tool will help organizations and security teams manage root credentials and root sessions through AWS Organizations.

AWS hopes the tool will help reduce the risk of lateral movement and privilege escalation in the event of a cyberattack, while also making day-to-day security easier and more scalable.

Boosting MFA and account security

AWS has taken several steps recently to enhance account security, initially introducing MFA for management account root users before launching FIDO2 passkey support, which resulted in a 100% increase in MFA adoption for AWS Organizations users, with more than 750,000 AWS root users enabling the phishing-resistant authentication method.

Now, security teams will also be able to remove long-term root credentials to prevent them from being abused, and to stop them from being recovered and used maliciously.

“This will improve the security posture of our customers while simultaneously reducing their operational effort,” the blog post stated.

The centralized management tool will also allow security teams to create accounts without root credentials, making them secure-by-default and removing the need for additional security measures. The tool will also assist with compliance-related issues by allowing security teams to closely monitor and remove long-term root credentials.

As an additional preventative measure against the misuse of root credentials, AWS is also introducing ‘root sessions’ that provide short-term access for specific tasks and actions, relying on the principle of least privilege to minimize the possibility of malicious use.

Root sessions will also reduce the burden on security teams by helping them adhere to AWS best practices and perform privileged root actions from a single central dashboard, rather than having to manually log in to each user account.

Central root account management is available through the IAM console, the AWS CLI or the AWS SDK, with additional details for obtaining root credentials on the AWS blog.

Benedict Collins
Staff Writer (Security)