Today's top stories

Automating security at AWS: How Amazon Web Services operates with no SOC

Amazon Web Services CISO Stephen Schmidt explains the company's recipe for combining security automation with ways to get management and staff to take security seriously.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Amazon Web Services (AWS) has become one of the largest technology companies in the world. The cloud giant has over 55 data center locations and millions of customers.

Given the size of its customer base, it’s little surprise that outages make the headlines like few other companies. A single human error in 2017 caused an outage in one region affecting the likes of Netflix, Reddit, Adobe and Imgur. According to one web monitoring service, more than half of the top 100 online retail sites experienced slower load times during the outage.

Operating at hyperscale requires staying on top of and preventing human-made errors, and AWS is heavily focused on automating as many tasks as possible.  This includes many of its security operations to the point where the company has removed the need for a traditional security operations center (SOC).

Automation key to AWS security

Stephen Schmidt has been at Amazon more than a decade – having previously had stints at American Information Systems and the FBI. He has been AWS’s CISO since 2010 and is responsible for ensuring the security of the computer systems, networks and data centers for the entire company.

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.