3 Security Initiatives AWS's New CEO Should Prioritize

As Adam Selipsky takes the helm at Amazon Web Services, security must be one of the first things he addresses. Here are three initiatives that should take priority.

Greg Martin, VP and General Manager of Sumo Logic's Security Business Unit

September 29, 2021

4 Min Read
Digital cloud
Source: your123 via Adobe Stock

Adam Selipsky recently returned to Amazon Web Services (AWS) — where he formerly served as VP of marketing, sales, and support — as the company's CEO.

Selipsky is taking the helm at a critical time. Cyberattacks are on the rise, and the overwhelming majority (78%) of IT security leaders lack confidence in their company's cybersecurity posture, according to IDG Research. Businesses are aware of growing security risks and are taking steps to combat them. In fact, Gartner recently said that "worldwide spending on information security and risk management technology and services is forecast to grow 12.4% to reach $150.4 billion in 2021." 

As the world becomes more digitized and businesses continue to embrace a remote-work model, identifying and mitigating new IT vulnerabilities will be crucial.

Many will be watching to see what Selipsky's first move will be. Although AWS has room to run in the cloud wars, security must be one of the first things the new CEO addresses.

Here are three initiatives that should take priority.

1. Bolster Security Partnerships and Product Development Efforts
Given the current threat landscape, it's essential that AWS fully maximizes its potential when it comes to security. Historically, the company has taken a hybrid approach of building basic products and then teaming up with channel and ISV partners to deliver its offerings. AWS must now take its strategy to the next level by creating robust, partner-driven relationships with key security players built on AWS, like CrowdStrike, PagerDuty, Okta, and others.

There is a huge opportunity for AWS to look to its partner ecosystem to jointly deliver and execute on security solutions for the enterprise. Companies like Microsoft have already done this with great success. AWS should double down on its efforts to build an architecture of partners that spans cloud, endpoint, and security information and event management (SIEM) solutions. By driving these partnerships through a marketplace channel, AWS sales reps can then sell and be compensated on those products. As part of this, AWS will need to educate its enterprise salespeople on these best-of-breed solutions so they can shepherd customers into a more modern stack of cloud security offerings.

2. Make Security a First-Class Citizen
AWS currently offers architecture review for customers through its "well-architected framework." This framework lets AWS look at how customers have set up and used Amazon services within their stack to ensure their reliability and success. Why not offer a similar framework for security?

A service like this would help users understand not only how to architect their stack effectively but also how to secure it. It's no secret that many companies still have hesitations regarding the transition to cloud, so having this type of internal service would help ease any worries and boost cloud adoption.

AWS could take on the role of educator for their customers, sharing their expertise to help companies that are intimidated by the processes required to secure their cloud. This might entail conducting audits of what the customer has done and then giving them a stamp of approval once their stack is deemed secure.

This is an important opportunity, not just for AWS but for other cloud providers as well. Currently, there is no single, centralized resource for security best practices when it comes to the cloud, so it will be up to software vendors to provide education and serve as a trusted resource for customers.

3. Invest in Innovation
Over the years, Amazon has made a few acquisitions of security companies, but it will need to place a heavier emphasis on acquisitions that drive innovation in security. AWS might consider creating a venture capital fund specifically for this purpose.

Alternatively, the company could give cybersecurity companies free credits to build services and products on top of the Amazon platform. They could do this by interviewing startups to make sure they share common goals and the vision of empowering companies to do cloud transformation securely. Participating companies could then be given a predetermined number of credits in Amazon to begin running their services and building breakthrough security products.

It'll be critical for AWS to stay competitive in this area by offering a compelling innovation program, since companies like Microsoft and Google offer similar programs with enticing perks.

AWS's CEO will no doubt have a lot on his plate as he embarks on his new role. Strengthening security should be a top objective. By getting creative with partnerships, educating customers on how to secure their cloud, and prioritizing security innovation, AWS can set itself and its customers up for success.

About the Author

Greg Martin

VP and General Manager of Sumo Logic's Security Business Unit

Greg Martin is the VP and General Manager of Sumo Logic's Security Business Unit. Prior to its acquisition by Sumo Logic, Greg was the CEO/Founder of JASK, a Silicon Valley startup specializing in artificial intelligence development for security applications, which was backed by Battery Ventures. He is a former cybersecurity advisor to the FBI, Secret Service and NASA. He also previously led the professional services practice for ArcSight, an HP company, and founded ThreatStream, a predictive threat intelligence firm funded by Google Ventures.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights