Cloud solutions are shaking up digital transformation journeys for organizations everywhere, offering unmatched scalability, artificial intelligence capabilities storage and response time.

With these perks, however, comes a rising threat facing every technological industry: cybersecurity. Keeping their customers safe is an obstacle Amazon Web Services Inc. faces daily as cyber threats rise. In fact, AWS has a dedicated team working around the clock to ensure a fully secure, efficient cloud experience for its clients.

“I do a lot of work around securing ourselves, and then I also talk to customers and empathize with them about what it takes to do security at scale in the cloud,” said Merritt Baer (pictured), office of the CISO at AWS. “As a practitioner, I can empathize, but a lot of times those conversations revolve around how they can emulate some of the behaviors that we have learned over time.”

Baer spoke with theCUBE industry analyst John Furrier at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how AWS keeps its network and clients safe, why cryptography is important in AWS’ security infrastructure and what the next priority for the CISO is.  (* Disclosure below.)

Creating a safer cloud environment

Distributed denial of service, or DDoS, is a frequently utilized attack tactic where attackers overload their victim’s servers with internet traffic to prevent other users from accessing the organization’s services or website. AWS deliberately leaves unpatched sensors on its network to see how bad actors interact with these vulnerabilities, using its findings to derive its managed rule sets for web application firewalls and other security features.

“We use it to protect ourselves and we also vend it to customers as these managed rule sets. So again, it’s like this organic way in which we are uniquely positioned to see what bad actors are doing to then take notes and then sort of form this alliance,” Baer said. “I think of this as like the Marvel of the good guy world.”

Keeping data safe from prying eyes is an important priority for any security company, and there are several different methods to assist in keeping private information private. Cryptography is the practice of keeping data and services secure by using various processes to scramble the data into indecipherable text that malicious third parties can’t read. Every second, AWS receives over half a billion different requests, all of which require their own keys and propagated policies.

To handle the massive volume of requests, the company employs its own cryptography protocols. AWS’ Automated Reasoning Group is doing mathematical proofs around how secure it can be.

“We use it on our side to prove that our cryptos or our boot code or other important elements are correct,” Baer explained. “We use it on the customer side to reason about permissioning — for example, an access analyzer or network analyzer and inspector to prove network reachability. So, without sending a single packet over the network, we can tell you whether you have an internet-facing endpoint or not. And that’s because we have infrastructure as code; we can reason about those.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:

(* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for the RSA Conference. Sponsors of theCUBE’s event coverage do not have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE