AWS CISO explains cloud-native security

In a recent interview with Help Net Security, Amy Herzog, CISO at AWS, elaborates on the concept of cloud-native security, which provides scalable and flexible protection that aligns with cloud development practices. She defines cloud-native security as a combination of security controls and processes that operate in harmony with cloud functionalities. This approach is API-driven and adapts to the needs of teams, ensuring they can meet their responsibilities under the Shared Responsibility Model. Herzog emphasises that AWS is accountable for the security of the cloud infrastructure, allowing customers to focus on securing their own applications and workloads. AWS continually invests in security measures, including identity access management and encryption, and has achieved compliance with 143 standards, showcasing its commitment to providing a secure environment for its users.

Herzog also discusses the importance of understanding the Shared Responsibility Model as a foundational step for security teams. She advises that teams should first clarify their business goals, as this context will guide their security decisions. Following this, she recommends starting with AWS accounts by setting up AWS Organisations, which simplifies the management of access and resources. This foundational step is crucial for establishing a secure cloud environment that aligns with organisational objectives, enabling teams to operate efficiently without compromising security.