The elasticity of commercial cloud computing means organizations can easily add new regions and zones for specific purposes. It lets them add new accounts or new instances of applications just as easily. But for all of these resources to stay secure, they need to be accompanied by, or inherit, the zero trust elements assigned to the originals.
That’s where AWS Control Tower comes in. Control Tower is a service for ensuring a customer’s governance and security rules cover all of an organization’s workloads and accounts.
“It ensures that as new accounts come online, as new regions come online, they’re automatically folded into that organization and the existing guardrails — the governance that AWS puts in place — falls down to that new inherited, child account,” said Dennen Monks, field tech strategist at CrowdStrike.
CrowdStrike, as an AWS partner, “is automatically bootstrapped or instrumented within that environment,” Monks said during Federal News Network’s Accelerate Together: Zero Trust 2025.
He said that, for example, if an agency spins up a new Amazon Elastic Compute Cloud (EC2) virtual machine, “the CrowdStrike sensor is automatically deployed, active and reporting home.”
Accounting for compliance through zero trust in the cloud
CrowdStrike provides several services including endpoint security and management, vulnerability detection and management, and identity protection.
Monks said the Control Tower–centered application of cybersecurity services is important to federal civilian and Defense agencies seeking zero trust.
“We want to ensure that we can maintain that federal compliance,” Monks said. “As we onboard a new account, those FedRAMP high-authorized modules of CrowdStrike are automatically pulled into that account.”
Monks explained that CrowdStrike Falcon, the company’s software as a service platform, is specifically designed to protect AWS-hosted workloads for agencies building zero trust environments.
Falcon “enables all the different telemetry and control that we apply across things like our sensor, our ability to go after identities, our understanding of the cloud control plane,” he said. The control plane is the set of management APIs and services through which cloud resources are created, configured and administered, as distinct from the data plane where the workloads themselves run.
Monks said Falcon, operating at the control plane, supports the crucial identity and workload pillars of zero trust.
Extending zero trust to identities and workloads in the cloud
Monks called identity one of the most important pillars of a zero trust architecture. When someone is able to log on, “we want to understand where that subject is coming from, what type of device they’re on, what type of authorizations they should have, what type of additional authentication factors should be invoked.”
The same holds true for Internet of Things devices, he added.
That identity verification, followed by an automated risk analysis, must occur before an entity gets access to applications and data. And then, Monks noted, access should be limited to what the specific user needs and is authorized to access.
He used the analogy of a theme park. “We don’t want to give just a ticket to the theme park and let them go wherever they want,” he said. “There should be another check for the additional tickets at each ride and when they want to get a snack and the like.”
Monks added that identity, along with the incorporation of conditional access policies, is at the core of CrowdStrike’s platform. He said that, working with AWS, the two companies have developed a concept of zero trust assessment that vets an identity against a range of policies before granting it access.
The assessment also distinguishes between user identity and device identity. Users might be associated with more than one device, Monks noted, and some users are not people but rather “asset-to-asset communications where basically just the device trust comes into play.”
After identity management comes protection of workloads, Monks said.
“Much like we would secure devices, we are able to apply CrowdStrike’s sensor to not only your classic virtual machine–type workloads within the cloud environment but also to containers, functions and serverless workloads as well,” he said. “All of those are different areas of telemetry that we can control or gather from and then apply control to.”
Monks said the telemetric approach to checking identities and workloads complements “the idea of a policy decision point and a policy enforcement point” that zero trust architecture prescribes.
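The checks described above (verify the subject, verify the device it is on, require the right factors, then release only the one resource the subject is authorized for, with device trust alone applying to asset-to-asset calls) are what a policy decision point does. The following is an added example of such a PDP, not CrowdStrike's, AWS's or any vendor's code; every policy value, field name and posture scale in it is a constructed assumption for illustration, and the policy enforcement point that would call `decide()` is not shown.

```python
"""Added example: a minimal zero trust policy decision point (PDP).
Not CrowdStrike's or AWS's code; thresholds, factor names and the
0-100 posture scale are constructed assumptions."""

from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # the enforcement point must obtain another factor, then re-ask
    DENY = "deny"


@dataclass(frozen=True)
class Subject:
    name: str
    kind: str              # "user" (a person) or "workload" (asset-to-asset)
    roles: frozenset       # authorizations the subject holds
    factors: frozenset     # authentication factors already presented, e.g. {"password", "piv"}


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool          # enrolled, sensor installed and reporting home
    posture_score: int     # 0-100 derived from endpoint telemetry (assumed scale)


@dataclass(frozen=True)
class Resource:
    name: str
    required_role: str
    sensitivity: str       # "low", "moderate" or "high"


# Constructed policy: per sensitivity level, the minimum device posture and
# the factors a human subject must have presented.
POLICY = {
    "low":      {"min_posture": 40, "factors": {"password"}},
    "moderate": {"min_posture": 60, "factors": {"password", "piv"}},
    "high":     {"min_posture": 80, "factors": {"password", "piv"}},
}


def decide(subject: Subject, device: Device, resource: Resource) -> Decision:
    """Evaluate one access request. Each resource is its own 'ride': a valid
    session (the ticket at the gate) is never enough on its own."""
    rule = POLICY[resource.sensitivity]

    # Device identity and posture are checked for every subject, human or not.
    if not device.managed or device.posture_score < rule["min_posture"]:
        return Decision.DENY

    # Least privilege: the subject must hold the role this resource requires.
    if resource.required_role not in subject.roles:
        return Decision.DENY

    # Asset-to-asset traffic carries no human factors; device trust alone applies.
    if subject.kind == "workload":
        return Decision.ALLOW

    # Human subjects: a missing factor triggers step-up rather than a hard deny.
    missing = rule["factors"] - subject.factors
    return Decision.STEP_UP if missing else Decision.ALLOW


if __name__ == "__main__":
    analyst = Subject("analyst", "user", frozenset({"hr-read"}), frozenset({"password"}))
    laptop = Device("lt-1", managed=True, posture_score=85)
    payroll = Resource("payroll", "hr-read", "high")
    print(analyst.name, "->", payroll.name, decide(analyst, laptop, payroll).value)
```

The order of the checks matters: device state and role are evaluated before authentication factors, so a compromised or unmanaged device is refused outright rather than being prompted for a second factor it could relay.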
Monitoring continuously to maintain zero trust in the cloud
Continuous monitoring for threats and anomalous behaviors has been a part of federal cybersecurity practice for more than a decade. Monks said that CrowdStrike’s strategy for Control Tower brings every account into visibility and ensures nothing is overlooked.
“First of all, how do we even consider applying continuous threat visibility and monitoring if we aren’t automatically pulling in those accounts?” Monks said. “The Control Tower plumbing behind the scenes really enables that.”
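The automatic enrollment described earlier (new accounts folded into the organization, a sensor deployed on each new EC2 instance and reporting home) and the claim above that nothing is overlooked are both things a practitioner should verify rather than assume. The following is an added example, not CrowdStrike's, AWS's or Control Tower's own code, of an offline reconciliation between an instance inventory and a sensor host list. The inputs are constructed inline in the shape one would assemble from `ec2:DescribeInstances` across every account and region and from the sensor platform's host listing; the record field names are assumptions, not any vendor's API.

```python
"""Added example: reconcile cloud instance inventory against sensor hosts to
find coverage gaps. Not vendor code; all records below are constructed and
the field names are assumptions."""

from datetime import datetime, timedelta, timezone

# Fixed clock so the run is reproducible.
NOW = datetime(2025, 6, 1, 12, 0, tzinfo=timezone.utc)

# Constructed: accounts the landing zone has enrolled (guardrails applied).
ENROLLED_ACCOUNTS = {"111111111111", "222222222222"}

# Constructed: instances seen across all accounts and regions.
INVENTORY = [
    {"account": "111111111111", "region": "us-east-1",     "instance_id": "i-0a1", "state": "running"},
    {"account": "111111111111", "region": "us-east-1",     "instance_id": "i-0a2", "state": "running"},
    {"account": "222222222222", "region": "us-gov-west-1", "instance_id": "i-0b1", "state": "running"},
    {"account": "333333333333", "region": "us-east-2",     "instance_id": "i-0c1", "state": "running"},
    {"account": "111111111111", "region": "us-east-1",     "instance_id": "i-0a3", "state": "stopped"},
]

# Constructed: hosts known to the sensor platform, keyed by instance id.
SENSOR_HOSTS = {
    "i-0a1": {"last_seen": NOW - timedelta(minutes=5)},
    "i-0b1": {"last_seen": NOW - timedelta(days=3)},   # installed but silent
}


def reconcile(inventory, sensor_hosts, enrolled_accounts,
              now=NOW, stale_after=timedelta(hours=24)):
    """Return coverage gaps as a dict of lists of instance ids.
    Only running instances count; a stopped instance cannot report in.
    An instance can appear under more than one gap (e.g. an unenrolled
    account that also has no sensor)."""
    gaps = {"unenrolled_account": [], "no_sensor": [], "stale_sensor": []}
    for inst in inventory:
        if inst["state"] != "running":
            continue
        iid = inst["instance_id"]
        if inst["account"] not in enrolled_accounts:
            gaps["unenrolled_account"].append(iid)
        host = sensor_hosts.get(iid)
        if host is None:
            gaps["no_sensor"].append(iid)
        elif now - host["last_seen"] > stale_after:
            gaps["stale_sensor"].append(iid)
    return gaps


def coverage_ratio(inventory, sensor_hosts, now=NOW, stale_after=timedelta(hours=24)):
    """Fraction of running instances whose sensor reported within stale_after."""
    running = [i["instance_id"] for i in inventory if i["state"] == "running"]
    healthy = [iid for iid in running
               if iid in sensor_hosts and now - sensor_hosts[iid]["last_seen"] <= stale_after]
    return len(healthy) / len(running) if running else 1.0


if __name__ == "__main__":
    for kind, ids in reconcile(INVENTORY, SENSOR_HOSTS, ENROLLED_ACCOUNTS).items():
        print(f"{kind}: {ids}")
    print(f"coverage: {coverage_ratio(INVENTORY, SENSOR_HOSTS):.0%}")
```

The point of treating "installed" and "reporting home" as separate conditions is that a sensor that was deployed but has gone quiet gives the same false sense of coverage as one that was never deployed; the staleness window is the knob an operator tunes to match how often hosts are expected to check in.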
It’s important to share and analyze data produced by continuous monitoring, he added.
“What are all the ways we can work together to make sure that we are sharing that telemetry correctly, that we can parse that telemetry, that we understand those different entities?”
He said CrowdStrike works closely with AWS to help users ensure workloads, identities and permissions are all configured and managed correctly. Combined telemetry data can flag indicators of attack and what Monks called toxic combinations.
For agency customers, Monks said the AWS-CrowdStrike combo covers security of the cloud itself and security of the agency’s own assets in the cloud. “Between the two, you’ve got really nice coverage of that overall shared responsibility model,” he said.
CrowdStrike recently received authorization for FedRAMP high, Monks said. “Which means we can work with some of the most sensitive agencies in the world to ensure their data stays safe being processed by the Falcon platform.”
The company also has Impact Level 5 certification for the Defense Department.
“If we want to apply those zero trust principles to the most sensitive data in the world, then we’ve got to make sure we have those levels of maturity,” he said.
A high level of maturity enables safe migrations of workloads from on premises and from other commercial clouds to the AWS cloud, Monks said.
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.