TECHnalysis Research Blogs
TECHnalysis Research president Bob O'Donnell publishes commentary on current tech industry trends every week at LinkedIn.com in the TECHnalysis Research Insights Newsletter and those blog entries are reposted here as well. In addition, those columns are also reprinted on Techspot and SeekingAlpha.

He also writes a regular column in the Tech section of USAToday.com and those columns are posted here. Some of the USAToday columns are also published on partner sites, such as MSN.

He also writes a 5G-focused column for Forbes that can be found here and that is archived here.

In addition, he also occasionally writes guest columns in various publications, including RCR Wireless, Fast Company and engadget. Those columns are reprinted here.

June 18, 2025
AWS Enhances Security Offerings

By Bob O'Donnell

If I’m being totally honest, it’s difficult to get excited about improved security capabilities in the tech world. I know they’re incredibly important and absolutely essential to keep everything functional in today’s cyberthreat-filled world. But it’s kind of like thinking about insurance—not much fun. On top of that, by necessity, security updates need to be released at a rate that’s as fast (or even faster) than the latest technological innovations—such as generative AI developments—in order to keep bad actors at bay.

Regardless of the excitement level or the blistering pace at which the announcements are made, however, as Amazon’s AWS division clearly demonstrated at their recent re:Inforce event, security-based capabilities are the rock upon which future technology developments can be made. To put it in their own words, “Security is the foundation for everything so customers can build anything.”

In that light, it’s worth taking the pulse of where security developments are moving and re:Inforce provided a solid means of doing so. Key to many of the announcements at the event were important enhancements to the core capabilities that AWS provides: Identity Access Management (IAM), Monitoring and Incident Response, Data and Network Protection, and Migration and Modernization. Each of these essential functions saw various levels of new capabilities added to them at the event.

On the IAM front, AWS debuted a newly enhanced IAM Access Analyzer service which is now able to combine data feeds from multiple sources and compare them across multiple profiles to ensure organizations know exactly which people are connecting to/using which AWS resources. In particular, it lets companies set corporate-wide least privilege standards, which can be challenging without a lot of extra effort.

For Monitoring and Incident Response, the company made several big announcements including an updated version of Amazon Guard Duty and a reenvisioned version of the Amazon Security Hub. The Guard Duty service leverages AI models to scan for sophisticated multi-stage attacks and provides preventative tips to stop them. Arguably one of the most important announcements from the event was the re-launch of Security Hub. This tool provides a visual dashboard-style display of multiple different types of log data, prioritizing the most important notifications, and provides an easily understandable set of actions that security professionals can take to address the issues.

Data and Network Protection enhancements include the extension of the AWS Certificate Manager which now includes the ability to create exportable certificates. This allows developers to leverage the same certificate across hybrid and even multi-cloud implementations. Currently unique to AWS—for now at least—this new feature addresses a pain point that many organizations building around a hybrid, multi-cloud strategy often face.

The company also debuted a new version of the AWS Shield which can automatically look for and provide remediation recommendations for configuration issues when companies are working to first deploy new applications on AWS. The big difference versus previous versions is that the service will now proactively look for flaws that would be subject to DDOS (Distributed Denial of Service) attacks and addresses them at the network level versus reacting to issues after they occur.

Migration and Modernization improvements centered around developer-focused advancements that are intended to make the process of integrating security into customer applications at an earlier stage—the “shift left” philosophy—much easier. Again, there were several news announcements here, including extending the reach of the Amazon Inspector tool all the way into GitHub and GitLab software repositories where software development processes start. Inspector is an automated tool designed to scan software for potential vulnerabilities. The AWS security team has been working to expand its reach into a wider variety of software types, images, containers, functions and more all with the intent to reduce potential problems or security holes before applications get widely deployed.

Another developer-related announcement was a simplification of the company’s Cloudfront web application delivery tool and Web Application Firewall (WAF). Both of these tools play critical roles in the initial configuration and deployment of security features for AWS-based applications, but many users found them confusing. In order to help avoid the unintended consequences of misconfiguring them, Amazon made the tools more visual and easier to use, allowing a wider range of developers to use them confidently.

During the event’s main keynote, there wasn’t a great deal of focus on GenAI and agents, but in separate sessions the company covered their advancements extensively and, quite frankly, impressively. One of the interesting high-level points that came out of these discussions is how the traditional definitions of security are being extended in the GenAI era, particularly when it comes to access to securing the data foundation that underlies GenAI applications. The company made a point to emphasize that their Bedrock AI application platform has zero access to any company’s data, prompts, or model-generated data, ensuring that companies can feel confident using them without any privacy or data leverage concerns.

The company also discussed how they’re focused on leveraging GenAI in three important ways: securing their customer’s GenAI workloads, using GenAI to create better security capabilities, and working to block more sophisticated GenAI-powered security threats. Some of the key technologies they’re making available for customers to use in their Bedrock platform is a sophisticated set of guardrails designed to help ensure that company’s AI projects avoid potential problems and, importantly, reduce potential hallucinations.

One of the core means of ensuring these capabilities is a mathematical-based set of principles called Automated Reasoning that Amazon believes they are clear leader in. First discussed at last year’s re:Inforce, Automated Reasoning offers a mathematically verifiable way of ensuring that security-based decisions are accurate.

Looking ahead, AWS also discussed the work the company is doing to start integrating agentic AI into their Bedrock platform with efforts on MCP (Model Context Protocol), A2A (Agent-to-Agent) and other developing standards. In fact, the company highlighted a suite of tools it’s starting to make available to help with the creation of both individual agents and sophisticated multi-agent systems. While there’s still more to be done, it’s clear AWS is actively preparing the tools and platform extensions it needs to fully embrace the world of agentic AI.

Here's a link to the original column: https://www.linkedin.com/pulse/aws-enhances-security-offerings-bob-o-donnell-cuhzc

Bob O’Donnell is the president and chief analyst of TECHnalysis Research, LLC a market research firm that provides strategic consulting and market research services to the technology industry and professional financial community. You can follow him on LinkedIn at Bob O’Donnell or on Twitter @bobodtech.