​Our security has always been superior: Amazon CTO

AWS CTO Werner Vogels in Sydney this week

Security of information stored in the public cloud has always been superior to what organisations can achieve on-premise, according to Amazon’s chief technology officer, Werner Vogels.

In an interview with CIO Australia, Vogels, who was in Sydney this week for the AWS Summit, said security will forever be the public cloud giant’s number one priority.

“You can’t be in a consumer business or any business today without making [information] security your number one priority. It will forever be our number one priority to protect our customers whether they are retail customers or cloud customers,” he said.

Vogels told CIO Australia that there were myths and FUD [fear, uncertainty and doubt] in the early days “from the traditional players in the market bashing cloud about security not being good enough.”

“In essence, security in the cloud has always been superior to what people can achieve on premise and it’s clear to see there are governments moving, financial services is moving – anybody that has access to any personally identifiable information will put their things in the cloud,” said Vogels.

“From day one, we’ve been enabling encryption in the cloud so customers can encrypt all the data they have, they can manage the keys. And we can make investments in security that are almost impossible for individual companies to make by themselves."

Security is very quickly becoming a major reason why customers are moving over to AWS, he said.

Vogels cited American bank, Capital One, saying one of the financial services firm’s major reasons for moving over to AWS was because they were “getting security at a level with their own investment that would be very hard to manage.”

In Australia, Westpac’s chief information officer, also told CIO earlier this week that he expected the bank to move completely into the public cloud in less than 10 years but needed to overcome regulatory hurdles before reaching that goal.

Still, public cloud uptake across the federal government departments in Australia has been painfully slow. Last month, Angus Taylor, the minister for cities and digital transformation, revealed that only 0.5 per cent of the federal government’s IT spend across all agencies is allocated to purchasing public cloud services.

It’s a figure that Taylor said is “way too low” given that the government spends around $700 million per year buying hardware.

Australian companies, Vault Systems and Sliced Tech, last month became the first cloud providers to have their services approved by the Australian Signals Directorate’s CCSL program for use with classified government information.

Vogels said that regardless of whether company data is stored on-premise or in the public cloud, it should always be encrypted – organisations should have a level of “security hygiene” to protect data and meet regulatory requirements.

“You should have full control over it. It should never be the cloud provider that has full control over your data. It should always be the customer and that’s our position there,” he said.

Vogels said tools like AWS’ Cloud Trail provide compliance and operational and risk auditing capabilities that are unparalleled.

“You don’t have these things on-premise. On-premise you still rely on going through log files and trying to figure out what is happening. In the cloud, in real time, customers can really audit what is happening to their resources and under which conditions.”