This week Amazon announced that its AWS Verified Access service is now generally available. The GA release adds several features, many of which were absent from the preview version launched at AWS re:Invent 2022 last November.
In a blog post, Amazon’s Riggs Goodman III and Shovan Das detailed the new service. “AWS Verified Access enables customers to provide VPN-less, secure access to their corporate applications”, they explain.
The new service is built using AWS Zero Trust principles. The company says customers can use Verified Access to reduce the risks associated with remote connectivity. “IT administrators and developers can define fine-grain access per application using real-time contextual signals, including identity and device posture”, they add.
In practical terms, “zero trust” here means that each access request is evaluated on its own: when employees sign in, the service checks their credentials and approves or rejects that request accordingly. Verified Access can also make access to specific applications conditional, for example by requiring that the user signs in from a device that meets a security posture requirement.
Verified Access also simplifies security operations by allowing customers to manage such policies for each application all in one place.
Targeted protection for web applications
Goodman and Das explain that Verified Access now supports AWS Web Application Firewall (WAF) integration to protect web applications (HTTP/S) from application-layer threats. “You can now filter out common exploits, such as SQL injection and cross-site scripting (XSS) using AWS WAF, while enabling AWS Zero Trust-based fine-grained access for your applications using user identity and device security status”, they explain.
In addition, Verified Access can pass signed identity context to a customer’s application endpoints, forwarding attributes from the identity provider such as email, username and others to the application. “This enables you to personalize your application using this context, eliminating the need to re-authenticate the user for personalization”, they add.