AWS Focuses on Cloud Security, a 'Top Priority for Everyone,' at re:Inforce

The company made its AWS Control Tower and Security Hub generally available to enterprises migrating their workloads.

Jeffrey Burt

June 25, 2019

5 Min Read
Security is one of the top benefits of using the cloud according to respondents who said that increased efficiency 41 percent data space 40 percent
Security is one of the top benefits of using the cloud, according to respondents, who said that increased efficiency (41 percent), data space (40 percent), flexibility (33 percent) and scalability (328 percent) were also top benefits of cloud computing.Thinkstock

AWS re:INFORCE 2019 — Amazon Web Services kicked off its inaugural re:Inforce event with the message that cloud security should be an enterprise-wide concern, not something left in the hands of a security team.

The protection of an organization’s data and workloads needs to be at the forefront of everyone’s thinking, from developers as they build applications to the general workforce to high-level executives overseeing the future of the company, Steve Schmidt, vice president and chief information security officer at AWS, told more than 5,000 attendees at re:Inforce in Boston Tuesday.


AWS’ Steve Schmidt

“Enhancing security should be the top priority for everyone across our organization,” Schmidt said during his keynote address.

The message is important as enterprises migrate more of their applications, data and development efforts into the cloud. Schmidt says enterprise leaders are telling him that they’re better off developing applications in the cloud than on premises, and not only because of the agility and the scalability the cloud brings.

“Security is better in the cloud than on premises,” he said.

AWS has put a focus on security over the years, in protecting its own data centers, offering a broad range of security services to customers and partnering with thousands of other companies that bring their technologies into the AWS cloud. It’s been key because security has always been a central issue in the cloud, from the early days when security concerns kept companies from fully embracing the new computing model to more recently, as enterprises look to protect what they’re putting into the cloud. This is particularly true as enterprises increasingly develop multicloud and hybrid cloud strategies, and adopt containers and Kubernetes, increasing the complexity of their cloud deployments.


AWS’ Steve Schmidt on stage at re:Inforce in Boston, June 25.

Forrester analysts predict that spending on cloud security will hit $12.7 billion by 2023, up from $5.6 billion last year. Fifty-four percent of infrastructure decision makers have implemented or are growing their use of the public cloud, fueling their security concerns. Security vendor Symantec in a recent report noted that the adoption of cloud computing is outpacing the development of effective security, which has resulted in continued security breaches. Symantec’s Cloud Security Threat Report found that 93% of respondents said they have difficulty keeping tabs on all cloud workloads.

AWS’ decision to run an event focused on cloud security is a smart one, according to Jo Peterson, vice president of cloud and security services at Clarify360, a partner of not only AWS but other major cloud providers. The company’s re:Invent show in the fall has grown to tens of thousands of attendees and spans multiple sites that touch on myriad subjects, making it a challenge for customers and partners to focus on the topics and sessions most important to them.

Such a focused event like re:Inforce gives customers a deep dive into an important area, Peterson told Channel Futures.


Clarify360’s Jo Peterson

“They do a great job of bringing it down to the customer level,” she said, noting AWS’ message that security should be everyone’s priority. “Cloud is a shared responsibility and it’s not ‘set it and forget it.’”

AWS’ Schmidt said cloud security will come from not only the cloud providers, but also customers as well as technology and channel partners. That was on display at re:Inforce. AWS rolled out a number of new services and features focused on security, while a range of technology partners also unveiled new and enhanced offerings.

AWS at re:Invent last fall unveiled Control Tower and Security Hub, giving large enterprise customers more security features as they move their workloads into the cloud. Now both are generally available.

AWS Control Tower leverages insights gained from myriad sources – from what AWS Professional Services has learned in customer engagements to …

… information in various whitepapers and documents – as well as features from other services to automate the process of establishing multi-account AWS environments. It includes identity management using AWS Single Sign-On, centralized logging from AWS CloudTrail and AWS Config stored in Amazon S3.

AWS Security Hub pulls together information from the multiple AWS security services enterprises use and third-party security software they are running. Security Hub offers automated compliance checks and insights aggregated from the various sources and delivers them to customers in a single place.

The new offerings are in line with security philosophies that AWS promotes. That includes the push to spread automation and encryption throughout the security and data management services. Abby Fuller, principal technologist at AWS, said that “security is sacrosanct” at AWS, with the goal being to give people the least amount of access to data needed for them to do their jobs.

Clarify360’s Peterson noted that cloud is reaching its adolescence and becoming more sophisticated, which is bringing with it changes that enterprises, vendors and cloud service providers must adapt to, including the changing perimeter and a greater appetite among enterprises for managed security services.

Read more about:

Channel Research
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like