AWS’ New Security Specializations For MSSPs Removes ‘Ambiguity’

At AWS re:Inforce today, the public cloud leader launched six new specialization categories for the AWS Level 1 MSSP Competency program. Here’s everything AWS partners and customers need to know.

Ryan Orsi, AWS’ worldwide head of Cloud Foundations for the AWS Partner Network

AWS is doubling down on partner cybersecurity enablement by launching six new specialized managed security services to boost the channel’s ability to provide 24x7 services while also removing the “ambiguity” that exists in the security industry.

“We’re really removing a lot of the traditional ambiguity that exists in the security space in general,” Ryan Orsi, AWS’ worldwide head of Cloud Foundations for the AWS Partner Network told CRN. “There’s sort of an ambiguity from a customer perspective on: what’s included in the software, or what’s delivered in that scope of work from the contract? And we’re really being super prescriptive with this.”

At AWS re:Inforce today in Boston, the public cloud giant unveiled six new specialization categories for its AWS Level 1 MSSP Competency program, aimed at helping customers discover partner solutions in providing 24x7 monitoring and response services.

[Related: AWS’ New EC2 Instances On Apple’s M1 MAC: 5 Key Features]

The new six specializations in the program are: identity behavior monitoring; data privacy event management; modern compute security monitoring for containers and serverless technologies; managed application security testing; digital forensics and incident response support; business continuity and ransomware readiness to recover from potentially cyberattacks.

Going ‘Beyond’ AWS Baseline Managed Services

In August 2021, AWS introduced the Level 1 Managed Security Services (MSS) baseline detailing ten foundational capabilities for MSSP partners to align their managed services to, along with the Level 1 MSSP Competency.

AWS said it established an industry-first quality of standard for customers to measure their security operations to. Some of the 10 initial services in the Level 1 MSSP Competency program included AWS infrastructure vulnerability scanning, resource inventory visibility and compliance monitoring.

“We’re enhancing the program based off customer feedback that they want to go even further, beyond these initial baseline managed services,” said Orsi. “Partners can align to this very prescriptive set of managed security service specialized services.”

AWS highlights partners who achieve a Level 1 MSSP Competency specialization as solution providers whose offers have been tested and fully vetted by AWS.

Lahav Savir, chief technology officer and co-founder of AllCloud, a Denver-based AWS Premier partner, is bullish that the new specializations will help customers understand exactly what they need on the cybersecurity front.

“Customers do not typically know what the problem is, and because there’s so many new technologies coming to market every day, they don’t know what is needed to manage everything,” said Savir.

“Amazon is being very prescriptive here around: what are the security domains that need to be tracked and managed when living in the cloud. And is it a service or a technology,” he said. “For example, there are many new container security services, serverless security technologies, etc.— I’m hearing that they’re now going to put in every ISV product in a category, which is great so the customer can know what their buying. … This makes it a lot easier for customers to digest and know what to look for from a partner.”

Partners To Receive Same Training As Internal AWS Reps

For the new Level 1 MSSP Competency specializations, AWS is treating partners in the program as an extension of AWS’ own security team.

“We’re basically delivering what used to be internal AWS training for new staff members, we’re delivering that now directly into our Level One MSSP Competency partners,” said Orsi. “Because we really want to share all the knowledge and all the best practices with them.”

AWS is hosting four technical training events this year for Level One MSSP partners only.

Orsi said the technical security standard established within the program and specializations is a great way to remove ambiguity for customers and partners.

“Building on a technical standard is a great way to remove ambiguity for customers and for the partners involved in what might be questions about: what services should be offered, or what are the final deliverables during a professional service engagement, or what are the technical functionality and capabilities of the new software that a partner might be thinking about building or a customer might be thinking about adopting—this program really helps cut through that ambiguity,” he said.

For AllCloud, the future looks bright for AWS’ security business.

“Enterprises are now strategically trusting Amazon in bringing almost any kind of data into the cloud. AWS is doing a really good job in how to structure and craft a really secure environment,” Orsi said.

AWS re:Inforce runs from July 26 to July 27 in Boston.