Amazon Web Services Says the Cloud Is the Future of Enterprise Computing

Are people confident enough to move their company’s IT security to the cloud?

What are the cardinal mistakes we make by leaving the door open to ransomware? And what other security lessons should companies, in particular, consider as they move their day-to-day business activities further online?

Mark Ryland is Director of the Office of the Chief Information Security Officer at Amazon Web Services, the world’s largest hosting and cloud provider.

The Irish Independent caught up with him to ask about a number of security issues.

Adrian Weckler [AW]: When I speak to companies large and small in Ireland, some are still unsure of the fundamental notion of bringing more of their organization’s security online. Are they right?

Marc Ryland [MR]: There are certainly still legacy technologies with definite security benefits. On the other hand, it also becomes more difficult with certain processes to do everything on the spot.

You get security checks around the network and other things that aren’t easy to put in place. I would also say that for cloud native systems, whether you start with or modernize, you would be less likely to see traditional security technologies.

You won’t worry about endpoint security etc., configuration management becomes the key security control. So there’s been a lot of movement on that, I think.

More and more, now there’s a sense of it [cloud] being the modern, safe thing to do with less of a question mark around it.

AW: What other trends are you seeing?

M: People often want to talk about exciting emerging threat landscapes.

But how about starting with the basics of security? How are they over there ? Like patching? How do they train people not to click on phishing links? Generally, people don’t do a great job with the basic stuff.

Even something like ransomware, which is a huge topic, is literally just another monetization strategy for a set of vulnerabilities that tend to be around for a long time.

AW: Ransomware has been a major problem for many companies for years now. Is it discouraging that so many large organizations still seem to be vulnerable to it? And what should they really do differently?

M: These are almost always unpatched systems. The cloud can help a lot, even with some of the simplest features.

We have a service that can back up everything, all database services. About a year ago we added a policy feature where no data can be deleted for 90 days.

No user, not even the most powerful administrator in your entire company, can delete data while it is in this policy.

It’s a pretty safe place when it comes to compromised credentials, which is a classic attack vector [in ransomware].

If someone comes in and gets administrative access and wants to start doing things, they can’t. It is a really powerful and simple tool.

But again, ransomware is not a new security risk per se, although there may be new tools associated with encryption.

Ultimately, this really begs the question: have you ever had a good strategy for dealing with data loss and data protection? Ransomware was therefore a wake-up call.

AW: Stripe’s Collison brothers regularly argue that the world is only one percentage point away from transitioning to e-commerce. Is this a relevant argument for cloud security?

M: This is still a relatively early phase of transformation.

This transformation is good for the industry.

This is a fundamental realignment of customer interests and supplier interests, compared to what you had in the old [tech] world.

As a vendor, I may have very good intentions, but what drove me was to sell you as much hardware as possible and sell you the biggest software enterprise contract, whether or not you install and use this software.

I can tell you that I am offering you a big discount.

But if you never installed it, the reduction didn’t work.

Yet it was irresistible for sellers to do so.

A salesperson can get a Ferrari after closing a big deal. It was just the way the world worked and no one thought it was wrong.

But the cloud doesn’t work that way.

Almost every month, we send you an invoice. If we do not support you properly, you will not continue to use our services. If we do a great job. You will use more.

I think in some ways this is the most revolutionary thing about cloud technology.

Comments are closed.