SEC01-BP08: Evaluate and implement new security services and features regularly

Evaluate and implement security services and features from AWS and AWS Partners that allow you to evolve the security posture of your workload.

Implementation guidance

AWS regularly releases new security services and features to help you improve your security posture. By staying informed about these releases and evaluating them for your workloads, you can continuously enhance your security capabilities and address evolving threats.

Key steps for implementing this best practice:

  1. Stay informed about new security services and features:
    • Subscribe to the AWS What’s New announcements
    • Follow the AWS Security Blog
    • Attend AWS events like re:Invent, re:Inforce, and AWS Summits
    • Join AWS security webinars and virtual workshops
    • Follow AWS security experts on social media
    • Participate in AWS security communities and forums
  2. Establish a process for evaluating new security services:
    • Create a security roadmap aligned with your business objectives
    • Define criteria for evaluating new security services
    • Assign responsibility for monitoring and evaluating new services
    • Establish a regular cadence for security service reviews
    • Document evaluation results and decisions
  3. Test new security services in non-production environments:
    • Set up dedicated test accounts for security evaluations
    • Create proof-of-concept implementations
    • Test integration with existing security tools and processes
    • Evaluate the impact on performance, cost, and operations
    • Document findings and lessons learned
  4. Implement new security services strategically:
    • Prioritize services that address your highest security risks
    • Develop an implementation plan with clear milestones
    • Start with low-risk workloads before expanding to critical ones
    • Monitor and measure the effectiveness of new security services
    • Adjust your implementation based on results
  5. Continuously improve your security posture:
    • Regularly review the effectiveness of implemented security services
    • Stay informed about updates to existing security services
    • Retire outdated or redundant security controls
    • Adjust your security strategy based on evolving threats
    • Share knowledge and best practices across your organization

Implementation examples

Example 1: Security service evaluation framework

CODE SNIPPET WILL BE PROVIDED SOON –>

Example 2: Security services implementation roadmap

CODE SNIPPET WILL BE PROVIDED SOON –>

Example 3: Automated security service deployment

CODE SNIPPET WILL BE PROVIDED SOON –>

AWS services to consider

AWS Security Hub

Provides a comprehensive view of your security state in AWS and helps you check your compliance with security standards and best practices. Aggregates, organizes, and prioritizes security alerts from multiple AWS services.

Amazon GuardDuty

Provides intelligent threat detection for your AWS accounts and workloads. Continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.

Amazon Inspector

Automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.

AWS IAM Access Analyzer

Helps you identify resources in your organization and accounts that are shared with an external entity. Identifies unintended access to your resources and data, which is a security risk.

Amazon Macie

A fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. Provides visibility into data security risks.

AWS Firewall Manager

A security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations. Simplifies your AWS WAF, AWS Shield Advanced, and VPC security groups administration.

Benefits of regularly evaluating and implementing new security services

  • Enhanced security posture: Access to the latest security capabilities
  • Proactive threat mitigation: Stay ahead of evolving security threats
  • Operational efficiency: Leverage new automation and integration capabilities
  • Cost optimization: Take advantage of more efficient security solutions
  • Compliance support: Address new compliance requirements with purpose-built services
  • Reduced security debt: Avoid accumulating outdated security practices
  • Competitive advantage: Implement security innovations faster than competitors

Related Resources

Copyright © 2025 Cloudvisor. Distributed under the MIT license.

Powered by Just the Docs, a documentation theme for Jekyll.