Google CSO Steve Schmidt supports MFA and fungible resources


While the company once again added more security tools and features to its ever-growing suite of offerings, Schmidt said some of the smallest steps, such as enabling multifactor authentication (MFA), can have the biggest impacts in terms of shrinking the attack surface for customers. SearchSecurity editors Rob Wright and Arielle Waldman spoke with Schmidt about the transition to his new role, the shifts he saw during his time as AWS CISO and an evolving threat landscape for cloud providers and customers. In part one of the Q&A, Schmidt discussed how AWS is spurring MFA adoption, Amazon’s shift to more fungible IT resources and the security benefits of that shift.

Amazon CSO Steve Schmidt answers questions from SearchSecurity on his tenure as director of AWS security and the changes the cloud provider made to strengthen both its own and its clients’ positions. Steve Schmidt, who was appointed CSO of Amazon early this year after serving as head of AWS security for a number of years, may be the person who knows those developments best. During the keynote address at the 2022 AWS re:Inforce conference last week, Schmidt spoke about the massive security difficulties AWS has encountered as the company has evolved, tracking quadrillions of events each month throughout its cloud architecture.


Steve Schmidt: It’s been fun. I was in AWS for a long time — for 14 years. And what’s really enjoyable about my new role is I get to learn things because I don’t know anything about how you build satellite systems, or robots, or self-driving vehicles or any of that stuff, so it’s so much fun to learn about that business and to see what we do there.

Are there any overlaps in the roles or lessons you’ve learned at AWS that you can take to the new position?

Schmidt: There is absolutely a lot of overlap. When you look at security, it’s really something that has a bunch of fundamental underpinnings. Can you see everything that you need to see to understand what’s there? Can you measure how it’s doing in comparison to what your security goals or requirements are? And can you effect change when you need to in that environment? And change can be something as simple as are you able to patch [a vulnerability] to something a little bit more dramatic like Log4j — what do you do when something giant comes along? And there are a lot of similarities across all of the businesses. One of the other things that we’ve got as a company, of course, is that most of the company runs on AWS. There are relatively uniform tools that we can apply across a lot of those different pieces.

Schmidt: It was really interesting. The way I landed at Amazon is kind of a fun story. In 2006, I was running a team that did intelligence analysis. If we picked up a laptop in a cave in Afghanistan, my team’s job was to compare the content on that with everything that we had on intercept systems to see if there’s linkages and if somebody’s communicating back and forth. We were a big customer of all the disk storage vendors, and we kept filling up file systems, and it was a pain. We saw this thing called Amazon S3. We said, ‘That is what we need!’ We approached Amazon and said, ‘Would you build one of these for us, please, because this will relieve a lot of headaches that we have.’ And it turned into a conversation where they said, ‘You guys seem to know something about distributed systems — do you want to build these things, as opposed to being a customer?’ And we said, ‘Well, that sounds fun, but we don’t want to move to Seattle.’ And Amazon said, ‘Alright, we’ll open an office in Virginia for you.’ And so the team that came over here that I ran built software. We built virtual private clouds; that was our first gig. And I did that for about a year and a half. And then we started looking for someone to run security for AWS. Andy [Jassy, Amazon’s CEO] did that for a while, and he got tired of it. And he pointed to me and said, ‘You’re it.’ I said, ‘I don’t want to do it.’ He asked why, and I told him it’s because security teams slow down companies; I’ve seen that having worked in the government.

