AWS re:Inforce explains how to strengthen enterprise security culture and tools

Join leaders July 26-28 for Transform AI and Edge Week. Hear high-level leaders discuss topics around AL/ML technology, conversational AI, IVA, NLP, Edge, and more. Book your free pass now!

Your building must be made of wood, not papier-mâché.

That is: build your security program from scratch and integrate it into operations and throughout the development lifecycle, said Stephen Schmidt, Chief Security Officer of Amazon , to the AWS re:Inforce audience this week.

"You want visibility and everyone rows together," he said.

The annual re:Inforce event, as its name suggests, highlights the importance of security and features best practices from Amazon Web Services (AWS) and its partners.

Transform 2022

Sign up now to get your free virtual pass to Transform AI Week, July 26-28. Hear from AI and data leaders at Visa, Lowe's eBay, Credit Karma, Kaiser, Honeywell, Google, Nissan, Toyota, John Deere, and more.

This year's event included bootcamps, labs and several leadership sessions. These focused on proactive security; "pay attention to safety;" simplified identity and access management; large-scale compliance, governance, and security operations; cryptography; and leveraging research and innovation in protecting customer data.

“While this event is aimed at practitioners, I liked how security basics – such as blocking public access and using multi-factor authentication (MFA) – were were noted and sprinkled throughout the keynote as it reiterates a larger point: security should be part of every person's job,” MongoDB keynote speaker and CISO Lena Smart told VentureBeat. Lessons learned as a safety leader

In a keynote, Schmidt emphasized the importance of access (or lack thereof). It is essential, he said, to determine who has access to what and why. What do people need for their work? For example, do builders need live data for testing or, as he put it, should the data be "obfuscated, masked, and anonymized wherever it's stored?"

“A too permissive environment guarantees you headaches,” Schmidt said.

The building blocks of any security program require putting "thought and rigor" into every use case. When you store data, it must be "intentionally controlled, intentionally encrypted and intentionally protected," he said.

An entire organization needs to work together on security, Schmidt said, noting that AWS has a decentralized team environment. The AWS security team also meets regularly with the company's C-Suite. He noted that if a security team only spends sporadic time with the C-suite, "that's going to be a problem."

Similarly, security tools always perform best when used as part of an overall strategy. Security teams should not be siled, but rather be an "intimate partner" with development organizations. He emphasized an AWS principle: "We are stronger together."

Smart agreed, calling the employees "our strongest bond and best advocates for the culture of a strong security culture at MongoDB."

“While you may have all the tools in the world, at the end of the day, people are the key to a robust and ever-expanding cybersecurity program,” Smart told VentureBeat.

This has been demonstrated by the MongoDB "security champions" program, she said. This has more than 90 employees worldwide, whose members volunteer their time to serve as security conduits for their individual teams.

"The program gives us unprecedented insight into MongoDB and has helped us mature our security program and internal collaboration," Smart told VentureBeat.

A "worst-case scenario," Schmidt pointed out, is for an organization's data to become accessible. Whether ...