Automating security at AWS: How Amazon Web Services operates with no SOC

Amazon Web Services CISO Stephen Schmidt explains the company's recipe for combining security automation with ways to get management and staff to take security seriously.

Amazon Web Services (AWS) has become one of the largest technology companies in the world. The cloud giant has over 55 data center locations and millions of customers.

Given the size of its customer base, it’s little surprise that outages make the headlines like few other companies. A single human error in 2017 caused an outage in one region affecting the likes of Netflix, Reddit, Adobe and Imgur. According to one web monitoring service, more than half of the top 100 online retail sites experienced slower load times during the outage.

Operating at hyperscale requires staying on top of and preventing human-made errors, and AWS is heavily focused on automating as many tasks as possible.  This includes many of its security operations to the point where the company has removed the need for a traditional security operations center (SOC).

Automation key to AWS security

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!