PHILADELPHIA — For organizations aiming to deploy generative AI at scale, focusing on the cybersecurity guardrails surrounding the technology can help ease adoption rather than hinder it, according to AWS CISO Amy Herzog.
Herzog, who took on the CISO role earlier this month, made the case for a closer enterprise focus on security during the company's annual re:Inforce conference Tuesday. The strategy can pay off by speeding up adoption.
“Security, when done right, can be a true enabler in adopting new technologies,” said Herzog. “What we're noticing is customers with mature security practices and the ability to innovate while maintaining a high security bar, they're adopting Gen AI faster.”
Companies in highly regulated environments, from finance to healthcare, have been able to rely on their existing security, privacy and data management guardrails to speed up AI adoption, Herzog said.
“This enables them to reduce risks and pragmatically focus on scaling their use cases,” Herzog said.
The conference comes amid increased enterprise interest in spinning up generative and agentic AI solutions, as well as rising concern over the security implications of the technologies. Most executives say they want to see stronger data privacy and security features from AI vendors, as AI agents garner the attention of cyberattackers.
During the event, AWS unveiled a slew of expansions to existing security features and new products across four key areas: identity management, data and network protection, monitoring and incident response, and modernization.
The updates included a preview of its revamped AWS Security Hub, which the company described as a security command center to identify and prioritize threats against cloud estates. While the security management service has been available since 2018, the new version offers additional correlation capabilities for cyber teams.
Herzog highlighted Amazon's own use of AI to speed up security work.
The company plugged AI into its model analysis process for Amazon Bedrock in response to customer needs for quick access to the latest models.
“We thoroughly test third-party models to make sure they meet our high security bar before offering them to our customers through Bedrock,” said Herzog. “This process, I'm going to be honest, used to take us weeks.”
AWS spun up a standardized deployment architecture that automated most of the testing, running these at scale in order to make models available more quickly within Bedrock.
As the dominant cloud provider — taking up one-third of the massive infrastructure-as-a-service market — AWS is ubiquitous in enterprise IT estates. Baked in security features, Herzog said, can spur companies to scale their AI use cases.
“When you have a secure foundation, your teams can experience, build and ship with confidence,” Herzog said. “A secure foundation doesn't slow you down, it speeds you up. It removes friction. It gives the team confidence to adopt, experiment and innovate faster, because guardrails are already in place.”
