AWS CISO On Why Its Security Strategy Tops Microsoft, Google
‘We’re not playing checkers, we’re playing chess. And we’re playing chess at 150 miles per hour, on the internet, with everybody watching,’ says CJ Moses, a cloud cybersecurity pioneer and CISO at AWS.
Microsoft has seen some systemic security issues in Active Directory, password breaches, and difficulty in securing on-prem and cloud. Why isn’t this happening to Amazon?
It’s because of the foundation we built and how we are making investments forward.
Perfect example is the issues that we saw in various different intrusion issues or otherwise supply chain issues over the last year or so: we don’t present Active Directory to the internet, because we understand that there can be issues there.
We’d rather not have a single layer of defense that we don’t own there.
We do use Active Directory, just like anyone who runs Microsoft at any scale does. We actually have our own, what we call midway—our own capability that we use that’s an enabler to our zero-trust capability, and multi factor authentication, and all that. That is our gateway to the internet or gateway to outside of our own environment.
That’s why we made that investment years ago. We had to spend the money, take the time, do the research, build the capability, but because we did all of that in advance, it paid off later on.
That’s exactly what you’re seeing in a lot of these different cases is: we’re not looking for the threat of tomorrow. We’re looking for the threat cases and vulnerability cases that are out years ahead.
You’ve heard Andy Jassy say this, but there is no compression algorithm for experience.