AWS CISO On Why Its Security Strategy Tops Microsoft, Google
‘We’re not playing checkers, we’re playing chess. And we’re playing chess at 150 miles per hour, on the internet, with everybody watching,’ says CJ Moses, a cloud cybersecurity pioneer and CISO at AWS.
Can you talk about cloud security versus on-premise security?
You never want to be at a disadvantage to an adversary, and being on-premises and having adversaries that are using the power and capabilities that are provided by the cloud and cloud capabilities, you find yourself to be at a disadvantage.
So using the cloud to secure the cloud is exactly what we’ve done.
When we started building AWS 15 or 16 years ago, and then when Steve and I came on board, we built the infrastructure, and the culture, even more so to be able to enable our environment to be the most secure cloud in the world.
Because we saw what the internet was. We saw the wild, wild west that it was when we chased hackers around the globe, quite literally.
In that process, we realized that if we ever had the opportunity to build a bigger, stronger, better internet that could be truly secured, we would take that opportunity. AWS presented that opportunity.
Now that you’ve seen that transition and we’ve seen more cloud adoption, and continuing to go down that road—we’re still day one.
Because, I mean, what percentage of IT is in the cloud these days? I think our numbers are around 5 percent. So they’re still 95 percent of IT workloads are still not in the cloud. So there’s still that much more to go.
Now having the focus of security providers from our ecosystem, the things that we’re doing with that focus—we’re going to continue to see enhancements. Because now you have those security organizations and teams that used to be focused on-prem now focusing on the cloud because of the things that can do with creating new capabilities.
When you start to bring all of that together, you start to see the scaling effect that’s beneficial.
You used to be really worried and provide security at the network layer. As long as you had that nice network protection, everything inside was protected—you can’t do that anymore.
If you’re not protecting your data at the data level, you’re leaving layers of opportunity for adversaries to make their way in. And we’re not going to do that. We’re paranoid about security.