Page 277 - Cyber Defense eMagazine September 2025
IAM Access Analyzer
AWS Verified Permissions
Policies & Procedures (Governance and compliance)
- AWS Audit Manager
- AWS Organizations (SCPs)
- AWS Config
- AWS Trusted Advisor
- AWS Well-Architected Tool
Securing Generative AI services on AWS
With this Defense in Depth framework in place and each service contributing a layer of security, let's explore
how AWS services augment security across its generative AI services. Based on my implementation
experience, three Generative AI services are particularly worth discussing from this perspective:
1. Amazon Bedrock
Amazon Bedrock has evolved into AWS's cornerstone for secure foundation model deployment. Its
security features address the core challenges regularly encountered in enterprise implementations:
Data Privacy
- No customer data used for model training
- Private customization capabilities within customer VPC
- Secure model fine-tuning with customer-controlled encryption
- Enhanced PII detection capabilities
Access Controls
- Fine-grained IAM permissions for model access
- Role-based controls for model management
- Secure API authentication
Network Security
- VPC Endpoint support
- Private network connectivity
- TLS 1.2 minimum encryption for data in transit
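
One way to check the Access Controls and Network Security items above against real IAM policy documents. This is an added example, not code from the article or from AWS: it flags Allow statements that grant Bedrock model invocation on a wildcard resource or without an `aws:SourceVpce` / `aws:SourceVpc` condition. The function names are hypothetical, and the sample policies, model id and endpoint id are constructed placeholders.

```python
import fnmatch

# Model-invoke actions, lowercased (IAM action names are case-insensitive).
INVOKE = ("bedrock:invokemodel", "bedrock:invokemodelwithresponsestream")
# Global condition keys that tie a request to a VPC endpoint or a VPC.
NETWORK_KEYS = {"aws:sourcevpce", "aws:sourcevpc"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def grants_invoke(stmt):
    """True if the statement's Action patterns can match a model-invoke action."""
    patterns = [a.lower() for a in as_list(stmt.get("Action", []))]
    return any(fnmatch.fnmatchcase(t, p) for t in INVOKE for p in patterns)

def wildcard_model(resource):
    """True for "*" or an ARN whose resource part (the model id) has a wildcard."""
    parts = resource.split(":", 5)
    return len(parts) < 6 or "*" in parts[5] or "?" in parts[5]

def pinned_to_network(stmt):
    """True if a positive string operator tests aws:SourceVpce or aws:SourceVpc."""
    for op, keys in stmt.get("Condition", {}).items():
        name = op.split(":")[-1].lower()  # drop ForAnyValue:/ForAllValues: prefix
        positive = name.startswith(("stringequals", "stringlike"))
        if positive and not name.endswith("ifexists") and any(
                k.lower() in NETWORK_KEYS for k in keys):
            return True
    return False

def audit_policy(policy):
    """Return (Sid, finding) pairs for Allow statements that grant model invocation."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not grants_invoke(stmt):
            continue
        sid = stmt.get("Sid", f"statement-{i}")
        if any(wildcard_model(r) for r in as_list(stmt.get("Resource", "*"))):
            findings.append((sid, "wildcard-resource"))
        if not pinned_to_network(stmt):
            findings.append((sid, "no-vpc-endpoint-condition"))
    return findings

# Constructed sample policies; the model id and endpoint id are placeholders.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowAll", "Effect": "Allow", "Action": "bedrock:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "InvokeOneModel", "Effect": "Allow", "Action": "bedrock:InvokeModel",
     "Resource": "arn:aws:bedrock:us-east-1::foundation-model/example.model-v1",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}}]}
```

The check reads Allow statements only; a separate Deny statement or a VPC endpoint policy that enforces the same restriction is outside what it inspects.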
Content Safety
- Configurable content filtering
Copyright © 2025, Cyber Defense Magazine. All rights reserved worldwide.