Protect Your Data With Strong AWS Security Policies

k9 Security helps engineers and analysts continuously assess and improve AWS security policies by simplifying analysis of access controls and guiding policy improvements with actionable recommendations and robust automation.

Secure Your Organization’s AWS IAM


Many organizations unintentionally grant excessive permissions to people and applications.  The underlying reason may be a misunderstanding of what’s needed, or to avoid ‘blocking’ delivery projects for custom policies crafted by Security experts, or acquired via merger.

These excess permissions put critical Cloud data and compute resources at risk of theft or destruction by malicious actors or internal accidents.  Some of these risks may impact as catastrophic data loss or corruption.  Principle of Least Privilege is a great goal, but the scale, complexity, and change rate of modern delivery practices make it very difficult to achieve and overloads security experts.

Continuous delivery and the decomposition of application architectures from monoliths to services or functions result in an explosion of distinct application instances, data sources, and identities. Some of these risks are being realized right now with actors using permissions to access resources they should not, such as an unrelated application’s secrets, objects in an S3 bucket, or a DynamoDB table. 

The key is to identify and remediate the most critical access control risks before they impact your organization.

The Nature of The Problem

Complex AWS Security Model

AWS policy evaluation is very complex.  Five kinds of policy, +3500 API actions, and frequent changes with new services and actions launching daily.

Changing Application Architectures

Application architectures evolve constantly to meet new requirements.  Applications are added to meet customer needs and also decomposed to scale with the organization.

Increasing Rate Of Change

Applications and their infrastructure are changing faster than ever. Continuous Delivery and Infrastructure as Code can deliver multiple security changes per week, day, or hour.

$100M Credit Data Breach – A Case Study In The Danger of Accidental, Overly Permissive  AWS Security Policies


Annual Net Income (2014-2018): 

Up 29.5% (+1.3 billion)

Enabled by flexibility and scalability of AWS


Expected Loss from 2019q3 Breach:

$100 million to $150 million

Enabled by overly permissive AWS security policies

Building in the Cloud provides a great foundation for growth — how do we build safely?

Prevent Losses And Remediate Vulnerabilities With k9

k9 Security helps organizations to manage their AWS Identity and Access Management Posture effectively and easily by continuously assessing your organization’s security policies.  This assessment reports who has access to data in S3, KMS, DynamoDB, and RDS. Then k9 Security helps you evaluate the risks to that data and guides you in improving security policies.

This approach simplifies the traditional arduous access review process by providing you easy-to-understand, comprehensive access inventory reports quickly.  The access inventory contains a prioritized list of risky configurations and unintended access capabilities. Our goal is to help you use this information to improve your security posture and reduce your enterprise’s risk.

k9 analyzes your AWS identity and data access controls then reports who has access to what in a way that is easy to understand and improve using tools your existing toolset.

Simple Daily Reports

Once configured, k9 will assess your entire AWS IAM ecosystem each day and publish a report to your own secure inbox in S3. The JSON format is perfect for your SIEM and the Excel format (sample) is great for interactive analysis.

Pivot, filter, slice, and dice with tools and data you already use.

Certified 3rd party access audit? ✓ Done.

Need to know when a principal was last used? ✓ Done.


Who has access to what data?

k9 Security helps your organization

See Who Has Access To What

k9 shows you who has access to what data in primary AWS data services: S3, KMS, DynamoDB, RDS

Speak the same language

Discuss and engineer access controls in a simplified higher level language.

Improve Your Access Controls

k9 helps you improve your organization’s access controls with targeted recommendations to improve security policies with security policy generators and professional overhaul services

The AWS Identity and Access Management Capability Your Organization Needs

k9 Security Smart Access Management helps organizations to manage their AWS Identity and Access Management Posture easily.

Gain Control Of AWS IAM With k9

k9 provides the information your organization needs to understand and manage your AWS IAM more securely with simple, continuous access capability reporting and prioritized, actionable recommendations.

Simple, Continuous

The daily access inventory report clearly and simply identifies the effective access each application and person has to each covered resource.

Robust Policy Automation

Improve your security policies by using k9’s infrastructure automation libraries to specify your intended access clearly and let k9 take care of generating a least privilege security policy. 

Shift Effort to Improving

Easy to consume reporting shifts efforts to improving security policies from tedious data collection and analysis.

Start finding & fixing issues quickly (hours, not weeks)




Subscribe to k9 Security inAWS Marketplace

configure access

Configure k9 access to your AWS accounts in less than 30 minutes with our simple automation.


Audit access assessments of your accounts delivered daily to your secure inbox (S3 bucket).

Improve Policies

Use k9 access reports,  automation libraries, and pro support to improve security.

Ready To Take Control Of AWS IAM?