Amazon Web Services CISO on securing the cloud

Grazed from FierceCIO. Author: Paul Mah.

FierceCIO had the opportunity to speak to Stephen Schmidt, the vice president of security engineering and the chief information security officer of Amazon Web Services, on the sidelines of the re:Invent 2014 conference last month. We were curious as to what the head of security for the world’s largest public cloud service had to share regarding top enterprise security concerns, as well as what it takes to keep AWS secure.

Top enterprise concerns

"The biggest concern that I hear from customers is that they don’t get the division of responsibility right," said Schmidt in response to our first question. "It’s a shared responsibility. We are responsible for the bottom layer. We are responsible from the floor of the data center up to the hypervisor," he said…

What Schmidt means is that deploying a cloud infrastructure doesn’t automatically release the enterprise from duty of managing their security. Indeed, there is certainly a lot of attack surface above the hypervisor that enterprises need to harden…

Read more from the source @ http://www.fiercecio.com/story/amazon-web-services-ciso-securing-cloud/2014-12-01