It’s often said that there are two types of organizations: those that have been hacked, and those that will be – turning the conversations around security breaches from ‘what if?’ to ‘when?’.
Cybersecurity is a serious, and often daunting, issue facing organizations of all kinds today. Two weeks after its Public Sector Summit, Amazon Web Services (AWS) hosted its first annual cloud security conference re:Inforce at the Boston Convention Center – drawing a crowd of over 7,000 security and cloud professionals for two days of hands-on learning, collaboration, and discussion on the threats and solutions available for cloud security.
Keynote Recap: understanding security at the speed of cloud
Stephen Schmidt, AWS’ Chief Information Security Officer, kicked off the event with an impressive keynote – covering everything from the state of security and customer stories, to tactical security tips and how organizations can build a culture of security.
“Do we have work to do? Yes, but I reject the ‘sky is falling’ mantra,” said Schmidt on the current state of cloud security.
What does the current security landscape look like at AWS? Multiple availability zones allow for high availability, scalability, and high fault tolerance. This means outages are reduced and cloud security stands strong – but there is certainly work left to do.
The case for security automation is iron-clad: humans write code, which makes human error a prevalent threat to organizations. “The goal is not to insert security into certain parts of the lifecycle,” said Schmidt, reiterating the message that security must be job zero.
“I reject DevSecOps,” Schmidt said, alluding to the philosophy of integrating ‘security as code’ within the DevOps practice. “DevSecOps just has to be the way Ops happens.”
In a world where hacks, breaches, outages, and ongoing threats are a constant buzz in the minds of security professionals – a culture of security is critical to the ongoing health and success of any private or public sector enterprise/agency.
Abby Fuller, a Principal Technologist at AWS, took the stage to dive deep into the need for a culture of security. Echoing AWS’ model of shared responsibility for the cloud, Fuller urged attendees to implement a model of shared responsibility and a more holistic approach towards cyber and cloud security.
“No matter how you’re running your workloads, we want security to come first,” Fuller urged.
So, what does cloud security look like in practice? Capital One and Liberty Mutual, private sector companies dealing with sensitive information, gave real-world insights.
“We are one of the most cloud forward companies in the world, in fact, we plan to completely exit our data centers by 2020,” said Michael Johnson, CISO of Capital One.
“At Liberty Mutual, we believe progress happens when people feel secure. We’ve been leveraging the cloud to secure the cloud,” said Brian Riley, Senior Director of Global Cyber Risk Management at Liberty Mutual.
In closing, Schmidt had three key takeaways for re:Inforce attendees:
1. Conversations around security shouldn’t be scary
2. Improvements to cybersecurity start now: with practical, tactical and strategic measures that can be taken today
3. A commitment to cybersecurity is critical to the success of businesses
Certainly a jam-packed keynote with a multitude of takeaways no matter what your role is.
To coincide with the event, AWS had two key announcements:
• general availability of Control Tower; and
• general availability of AWS Security Hub
Key takeaways for the public sector
One of the most fundamental takeaways from the conference comes not from the content itself, but from the mere fact that AWS recognized the importance of having a cloud security conference independent from re:Invent. AWS is clearly putting a lot of skin in the game and wants to be one of the voices defining the narrative around cloud security and cybersecurity rather than act reactively, as many of its counterparts no doubt will.
At the core of the conference was a key message: security is everyone’s job. Conversations around cybersecurity and cloud threats need to be accessible at all levels of an organization, not just to those with a technical understanding of cloud and cybersecurity tactics. Education, training, and conversations must become routine to ensure employees remain vigilant and serve as weapons in a company’s larger security strategy.
However, while security may affect everyone and every enterprise – whether public or private – the stakes are orders of magnitude higher for public sector organizations, whose mission (particularly, whether or not the mission is successfully met) directly affects education systems, health and well being of constituents, and, ultimately, the safety of our nation.
“The head of information technology at the CIA said security in the cloud on its worst day is better than client-server systems on their best day,” Dave Vellante, host of theCUBE (Silicon Angle Media’s mobile live streaming studio) mentioned during the event. “This narrative of ‘The sky is falling’ that you always hear from security vendors is not what Amazon is projecting. What Amazon is projecting is that the state of the cloud union is strong.”
Cloud and cyber threats are in no short supply and are certainly not slowing down in production. At AWS, security is the highest priority, meaning you benefit from architecture built to meet the requirements of even the most security-sensitive organizations.
As a Premier Consulting and Managed Services Partner for Amazon Web Services (AWS), DLT helps make the path to the cloud seamless and cost-efficient for federal agencies and higher education institutions. Start a conversation today and see how AWS can help make sure you’re ahead of the game – contact DLT Solutions to find out more.