AWS Revamps Security Competency To ‘Accelerate’ Cloud Sales

Here’s what AWS channel partners, ISVs and customers need to know about the revamped AWS Security Competency and its eight new categories.

Amazon Web Services has reinvented its popular AWS Security Competency program with eight new categories to help customers more easily find partner software and service solutions while also providing the channel with over 40 specific customer use cases.

“Basically, this allows partners and customers to speak the same language,” said Pavel Vasilyev, chief technology officer at ClearScale, a San Francisco-based AWS partner. “This allows customers to understand where they should be really focusing on themselves or together with a partner around cloud security.”

Each of the eight categories are defined by AWS security experts to help customers find specific system integrators, security managed service providers and independent software vendor (ISV) offerings to fit their specific cloud security needs.

“We’ve created common customer use cases based off of real, boots on the ground, in the field experience we’ve seen at the customer level,” said Ryan Orsi, AWS’ worldwide head of Cloud Foundations for the AWS Partner Network.

[Related: AWS Marketplace: 8 Huge Cost Savings And Business Benefits]

“So the partner opportunity is around aligning their product or service, their messaging, and their go-to-market strategy to what AWS is seeing as the most highly in-need challenges out there for security with these new categories,” said Orsi. “It’s a great way for partners to increase their business, increase their trust and visibility with their customers and prospects out there to show they have all the right skill sets and knowledge about AWS environments.”

The new AWS Security Competency categories are aligned to work with common security problems businesses encounter during their cloud journey, with AWS matching a customer with partner to help with deployment, staff training, multi-cloud implementations, hybrid security tools and automation.

AWS’ 8 New Security Competency Categories

The eight new AWS Security Competency categories are: Threat Detection and Response; Identity and Access Management; Infrastructure Security; Data Protection; Compliance and Privacy; Application Security; Perimeter Protection; and Core Security.

Unveiled at AWS’ security event re:Inforce today, here’s a breakdown of each category and what is required by a partner to achieve.

For Threat Detection and Response, partners need to demonstrate the ability to spot issues before they impact an account and act on that knowledge to improve the security posture and reduce the risk profile of their customers.

“For example, Threat Detection and Response is where customers can find endpoint products, and associated endpoints products installation, deployment or training services that have all been validated by AWS,” said AWS’ Orsi. “They can also find a partner of security software that addresses the SIM environment or central log collection products. This is where they can find those that have been vetted and validated by AWS, and they can also find a associated system integrator who are experts at deploying that and in training the customer on how to use that software.”

To achieve an Infrastructure Security competency, AWS partners need to showcase their ability to ensure that systems and services within customer workloads are protected against potential vulnerabilities as well as unintended and unauthorized access.

For Identity and Access Management, partners need to have a proven track record of helping customers define, enforce, and audit permissions across internal and external services, actions, and resources, including AWS accounts.

The Data Protection category focuses on partners understanding of sensitive data in a customer environment and creating controls based on different levels of sensitivity.

AWS partners in the Compliance and Privacy competency have a successful history helping customers build environments in the cloud that adhere to industry standards, pass internal/external audits regimes, and achieve third party certification.

The Application Security competency is focused on helping customers test and protect their code from threats. Protections include: performing code reviews, penetration testing, and mitigation of findings.

The new Perimeter Protection services category is for partners who help customers implement and manage AWS Shield Advanced to protect AWS resources, such as Elastic Load Balancing, Amazon CloudFront, AWS Global Accelerator, and Amazon Route 53, from application threats like Distributed Denial of Services, SQL Injection, and Cross-Site Scripting. These types of partners operate 24/7 Security Operations Centers (SOC).

Lastly, the Core Security competency is for partners who demonstrate broad and deep knowledge across many of the other seven new categories listed.

AWS ‘Aligning” Partners With Customers

AWS partner ClearScale said there are many organizations that do not have the time or expertise to sort through all the security offerings and partners in the market to find the correct solution.

“There are many, many customers looking for a single trusted partner that is validated by the vendor to help their security needs. These security competency subcategories, in particular, are extremely valuable for both partners and customers,” said Vasilyev. “They are aligning us with customers.”

Vasilyev added that the new AWS Security Competency categories offers partners “a great way to upsell” as well.

“Because you basically can tell the customer that, ‘This is how AWS cloud security framework works. These are things that are already covered in your environment. And these are things that are not really covered in your environment right now,” he said. “This is where ClearScale can help.”

‘The Opportunity In Front Of Us Is Huge’

The revamped AWS Security Competency highlights partners that hold deep technical expertise and proven customer success securing every stage of cloud adoption, from initial migration through ongoing day-to-day management.

The program allows customers to easily find, buy, deploy, and manage cloud-ready software solutions, including software-as-a-service (SaaS) products, in a matter of minutes from AWS Marketplace.

AWS’ Orsi said partners need to take a serious look at the new AWS Security Competency “as a way to more easily accelerate their cloud business” in the fast-growing cybersecurity market.

“The scale that AWS sees in the cloud space is massive. The opportunity in front of us is huge,” said Orsi. “We see partners as a critical strategic component to accelerating that growth for the whole community.”