News
Amazon Pledges Resources as Part of Biden's Cybersecurity Push
Amazon is one of several tech giants that emerged from a meeting with the Biden administration this week with promises to ramp up their efforts against cybersecurity attacks.
The company is pledging to provide a "multi-factor authentication (MFA) device" at no cost to qualifying customers of its Amazon Web Services (AWS) cloud, as well as to make its internal security training materials available to the public. The move aims to "help protect organizations and individuals from increasing cybersecurity threats," Amazon said in its announcement.
Amazon's pledge coincides with an Aug. 25 meeting between major tech industry players and U.S. President Joe Biden. Besides Amazon, the other participating companies included Microsoft, Apple, Google, IBM and others.
"The purpose of today's meeting was to discuss opportunities to bolster the nation's cybersecurity in partnership and individually," the administration said in a statement.
To that end, Amazon is planning to issue free MFA "tokens" to AWS customers starting in October. The tokens, which can plug into users' USB ports, are meant to add another level of protection for AWS account holders against "phishing, session hijacking, man-in-the-middle, and malware attacks."
"AWS users with access to the AWS Management Console can authenticate themselves by typing in their passwords and then simply touching the MFA security token plugged into their computer's USB port," according to Amazon.
In addition, to expand access to cybersecurity education, Amazon in October will release its Security Awareness internal training curriculum to the public at no cost. Amazon describes this as a "digestible and succinct curriculum" that includes video and online modules. Its aim is to educate organizations and individuals about security breaches that rely on social engineering, such phishing e-mails and scam phone calls.
"A fundamental problem when addressing current cybersecurity threats is education, which is why we're excited to share our Amazon Security Awareness training for free to help organizations and individuals understand how to navigate and fight against security events," said AWS Chief Information Security Officer Steve Schmidt in a prepared statement.
This week's White House meeting follows an executive order issued by the Biden administration in May in response to several high-profile cybersecurity incidents, including the SolarWinds supply-chain attack, the "Hafnium" attacks on Exchange Server and a ransomware attack on Colonial Pipeline. That executive order urged businesses to "take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents."
Besides Amazon, other tech companies involved in the Aug. 25 meeting announced cybersecurity initiatives of their own. Amazon cloud rivals Microsoft and Google, respectively, promised to commit $20 billion and $10 billion over five years to cybersecurity efforts. More details about the other companies' security pledges are in this Redmondmag article.