Tag: Security

Governance must balance two objectives: it must control, and at the same time it must enable.

Note: The following is a guest post from Matt Trentler, an AWS professional services manager from our security, risk, and compliance practice. Introduction by Clarke Rodgers, AWS Enterprise Strategist I often meet with CxOs who understand in principle that a well-architected cloud implementation can be more secure than their current datacenter. However, “How do I build that […]

I’m very excited to announce that today is the official publication date of my latest book, War & Peace & IT: Business Leadership, Technology, and Success in the Digital Age. It is intended as the hitherto missing book for senior enterprise executives on how best to work with their technology organizations to accomplish their digital […]

One of the most common areas of interest from customer executives regarding their move to AWS is data protection. Data protection can take many forms (e.g., backups, high availability, long-term storage), but the focus for this blog post will be encryption. This post has been co-written with Scott Conklin, an encryption expert from our AWS Professional […]

When I decided to move US Citizenship and Immigration Services (USCIS) into the cloud, I had a number of discussions with others in the federal IT community about cloud security. As the Authorizing Official—the person who had to sign off on the security of each system—for a component agency of the Department of Homeland Security, […]

When meeting with security, risk, and compliance executives who have yet to start their cloud transformation or who already have multiple cloud workloads in AWS, I am often asked a version of the following question: “While we agree that the cloud is the new normal, it is different than running security on premise in the […]

(image www.bluecoat.com) In an earlier blog post, I discussed the importance of building a culture of security rather than thinking of security as just the job of the CISO’s team. In this post, I’d like to discuss some ideas on how to build such a culture, drawing on my experiences at USCIS. As CIO, I […]

It is no longer sufficient to leave security to a team of specialists who watch over the enterprise’s risk posture and control it through a set of constraining policies. It is not enough to guard the boundaries of the enterprise’s network with firewalls, or to simply implement sets of controls specified in a compliance framework. […]

“It takes 20 years to build a reputation and five minutes to ruin it.” — Warren Buffett I’ve supported compliance and security requirements throughout my technology career. In some cases, these requirements were extremely burdensome — for example, when my team was preparing for a Department of Defense audit, which consumed more than 50% of our time for months […]

“We don’t do load balancers anymore, we just do load balancing.” -Bruce Kantor, Talen Energy I don’t often get the opportunity to learn how the cloud is helping the energy industry rethink the way it delivers IT. There’s obviously a lot of great science behind power generation, but getting to hear about the technologies and […]