I believe that security must be a key consideration for all builders. That’s probably no surprise, I’m the Chief Information Security Officer at AWS where security is our top priority1 after all. But you might have a different definition of security in your mind than I do.
When I speak with groups around the world, their understanding of security is often that we stop bad things from happening. I imagine that’s what came to your mind too. That’s definitely part of the goal, but if that’s the only thing you’re expecting from a security team, you might be missing most of the value we can bring to the table.
Ultimately, the work security teams do—whether it’s adding controls, a stronger set of libraries, or eliminating unnecessary functionality—aims to make sure that what you’re building does what you intend it to do, and only what you intend it to do.
With that goal in mind, it’s easier to understand how security works as one of the six pillars in the AWS Well-Architected Framework and how security can even help innovation. Security concerns naturally balance and reinforce Performance Efficiency, Operational Excellent, and the other pillars, coming together to create a solution that meets your goals, within your risk tolerance.
This week at re:Invent, I highlighted a few of the areas where my teams are creating the tools to help the teams building the AWS Cloud ship securely and quickly. It’s important to me to bring security context closer to builders, so we’re using AI to help builders validate and improve their architectures directly within their workflows. We’re making it easier for our builders to create threat models that help them understand the stresses their solutions will be under when deployed.
We’re making sure that all of the threat intelligence that AWS Security gathers and analyzes is being put to use helping provide the context for builders to improve the resiliency (another Well-Architected pillar) of their solutions through things like findings in AWS Security Hub.
An engaged security team that brings more understanding and context to builders can help ensure that you meet that goal without any unexpected surprises. It’s what our teams are doing at AWS and what I encourage you to advocate for your organization.