With security top of mind for businesses of all sizes, the need for continual improvement and evolution of the required tools has never been greater.
AWS has long looked to promote itself as one of the key players in this area, with the scale of its resources and influence meaning it can dedicate focus like no one else.
TechRadar Pro spoke to Chris Betz, CISO at AWS, to hear more about the company’s work in this area, and how security is a key priority for the business and its customers like never before.
Making security simple
“Building good security solutions is hard, building simple security solutions is an art - and we have to do both, wherever we can,” Betz told us at the recent AWS re:Invent 2024 event.
“The work that's being done to make security simple, at scale, is really interesting,” he added, highlighting the recent launches of VPC block public access, which allows for greater protection with just a single click, and declarative policies, which gives a much smoother way to roll out rules across an organization, as just a minor selection of its recent releases.
AWS has obviously needed to maintain its security standing in recent years as more attention is focused on AI and the infrastructure needed to support it, with the company playing a vital role for customers across the globe looking to take that next step.
“Everything we ship goes through an intense security review,” Betz notes, “and we make sure that things are ready before they go!”
“Everything starts with security, and that’s one of the most things about working at AWS - I’ve been at many companies where I meet with business leaders, industry leaders… and here, I get to go and listen because they’re three steps ahead (on security). I get to ask, how can we make this simpler, and take that next step - and that’s a powerful place to be.”
The role of AI in the security industry has been a subject of much debate for companies of all sizes, with AWS able to take advantage of huge resources to ensure its services are top tier.
Betz notes his team are passionate about solving really hard problems, “and everything else should be solved by a computer” - namely, the AI tools that are able to help with what he calls the "really hard, but not necessarily interesting problems", giving his team the opportunity to accelerate in those spaces without losing focus or resources.
“We’re still constantly learning,” he admits, “the field is constantly adapting, I have teams of security engineers who are spending their time at the cutting edge, learning how to build secure solutions for generative AI, learning how to do things like responsible AI, and doing novel work.”
“Security investments can do amazing things for business - allowing you to go faster, and better than anyone else - and that’s exciting.”
“Having those foundations and the approach to security that AWS does…we’ve seen other companies rapidly go to market - I think it’s safe to say rush to market - with generative AI capabilities, we can see that those things have not always been true - but for us, that’s just the way we operate, and we knew our customers wanted choice in security… and to be able to trust that generative AI works - the same way they can trust that everything else at AWS works.”
"Natural motion" of security
Given AWS’ status in the market, it seems obvious that the company should feel the need to lead the way somewhat when it comes to making security simple and understandable - yet also resilient and top-of-the-game.
“When we do it best, we make security a natural motion,” Betz notes, “attackers are evolving, we have to evolve as well, and my goal is to make sure we are always moving faster than the adversaries,” he notes - adding that giving customers these capabilities out of the box is also a critical focus.
“All the things that we’ve built are designed so that our customers can simply and easily express what they’re trying to achieve, and get it implemented easily and securely.”
“I want customers to trust AWS as the most secure place to do their work…we need to work together to address malicious actors, and to try and stop them to the best of our ability.”
Meeting these expectations is another key consideration, Betz notes, but the more exciting moments come when his team is able to build on the foundations already established at AWS, often working backwards from customer needs.
“My job is to ensure the foundations AWS provides are secure,” he says, “and the way you get to do that at scale is by making the foundational investments that you can build on top of - otherwise you’re constantly chasing security.”
“That culture isn’t built overnight, that gets built over many, many years, and gets reinforced every day," Betz adds, "building new technologies means I get to stand on the shoulders of those giants, and take the next step.”
“Ultimately we want AWS to be, not just be the most secure cloud environment, but also, we want it to be the place where customers can most easily build their secure solutions."
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
