Category: Security, Identity, & Compliance

In this guest post, Mignona Cote, the AWS Global Security Advisory lead, reports on her conversation with Jim Routh, Head of Enterprise Cybersecurity at MassMutual. Their discussion covers the challenges for CISOs who straddle the worlds of traditional information security and newer, digital. DevSecOps and cloud-based security paradigms. Ultimately, Routh says, CISOs must learn to […]

As part of a new video series of discussions with security leaders, Verified: Presented by AWS re:Inforce, AWS CISO Steve Schmidt sat down with Emma Smith, Global Cyber Security Director at Vodafone, for a discussion on the importance of diversity, equity, and inclusion in security teams. Watch the full video on YouTube. Emma, a Diversity […]

As part of Verified: Presented by AWS re:Inforce, a new video series of discussions with security leaders, AWS CISO Steve Schmidt sat down with Jason Chan, VP of Information Security at Netflix, for a broad-ranging interview. Even though we couldn’t be together this year at AWS re:Inforce, we still wanted to create a platform for […]

Introduction by Mark Schwartz This post continues our series on governance in the cloud. In earlier posts we discussed new strategies for governance, the governance that requires standardization and rules, and governance that oversees projects and investments. In another post John Thorp of AWS Professional Services wrote about AWS’s frameworks for evolving your Governance, Risk, […]

Introduction by Mark Schwartz In several earlier posts I discussed new strategies for governance in the cloud and the digital world in general. In the first, I talked about the kind of governance that requires standardization and rules. In the second, I wrote about governing projects and investments. The underlying point of these posts was […]

One of the most common areas of interest from customer executives regarding their move to AWS is data protection. Data protection can take many forms (e.g., backups, high availability, long-term storage), but the focus for this blog post will be encryption. This post has been co-written with Scott Conklin, an encryption expert from our AWS Professional […]

When meeting with security, risk, and compliance executives who have yet to start their cloud transformation or who already have multiple cloud workloads in AWS, I am often asked a version of the following question: “While we agree that the cloud is the new normal, it is different than running security on premise in the […]

(image www.bluecoat.com) In an earlier blog post, I discussed the importance of building a culture of security rather than thinking of security as just the job of the CISO’s team. In this post, I’d like to discuss some ideas on how to build such a culture, drawing on my experiences at USCIS. As CIO, I […]

It is no longer sufficient to leave security to a team of specialists who watch over the enterprise’s risk posture and control it through a set of constraining policies. It is not enough to guard the boundaries of the enterprise’s network with firewalls, or to simply implement sets of controls specified in a compliance framework. […]

“It takes 20 years to build a reputation and five minutes to ruin it.” — Warren Buffett I’ve supported compliance and security requirements throughout my technology career. In some cases, these requirements were extremely burdensome — for example, when my team was preparing for a Department of Defense audit, which consumed more than 50% of our time for months […]