BuzzFeed Keeps Scoops and National Security Secrets Secure with Amazon’s KMS

BuzzFeed launched in 2006 with the intention of focusing exclusively on viral content from around the web. But its daily traffic and ambition quickly led the site to set its goals higher. In 2011, BuzzFeed launched its own news division, hiring investigative journalists, breaking news, and publishing deeply reported articles alongside more traditional news outlets. Over 200 million monthly visitors click on BuzzFeed for an array of content, from serious news to lists that will make you LOL.

But cybersecurity is no laughing matter for the company. “A bunch of really bad things could happen if someone gained access to the codebase,” says Justin Hines, staff engineer at BuzzFeed. “Defacement is a really big risk for BuzzFeed and something that we want to avoid.

People could push changes to any of our databases and change content on the site.” From providing API tokens to formidable passwords for all of its 1,700 employees, keeping BuzzFeed’s secrets secure is imperative.

That’s why BuzzFeed recently upgraded from GNU Privacy Guard (GPG) to Amazon’s Key Management Service, or KMS. “Keeping secrets is obviously very important for us, and we wanted to pick a solution that we liked,” Hines says. “The decision to move away from GPG and into Amazon KMS was one that we didn’t take lightly, but the experience that it enables for us was perfect.”

Any number of incidents can affect an entire website’s security. When a new developer is onboarded or a developer leaves, the company either has to take their public key and add them to the keyring or else re-encrypt all secrets in the repository. Not to mention the fact that employees lose their laptops and forget their passwords all the time. “Humans are humans, and that’s just, kind of, what they do,” Hines says. And even the smallest of changes would increase workloads. He explains that “every change that a developer has when they pull and push new code changes from the repository can be megabytes of change, and that just slows every single developer down.”

In switching to KMS, BuzzFeed exerted more control of the use of encryption across the company. “When the BuzzFeed team was about to publish the Steele dossier, it was important to maintain the integrity of those secrets and make sure that dossier did not leak prior to us wanting to publish it,” Hines explains. Such security protects BuzzFeed’s employees and reporters while also making the company an uncompromised, trusted voice in news. “It’s really important to maintain brand integrity and trust with our users,” he says. Whether it’s celebrity gossip and cute cat memes or matters of national security, BuzzFeed makes sure that what needs to be secure stays secure.