Avoid ransomware by moving to the cloud, says AWS Public Sector boss

AWS has also used re:Invent to launch an open source catalogue for its government customers to share and consume best practices when operating in the cloud.

Amazon Web Services (AWS) worldwide public sector vice president Teresa Carlson believes the best place for governments to run their business securely is in the cloud.

Speaking at the AWS Public Sector keynote during AWS re:Invent on Wednesday, Carlson said the world is witnessing an increasingly complex security environment, with cities, states, and home of governments constantly targeted by cybersecurity attacks.

Carlson briefly walked through attacks that have targeted government entities in recent years, such as in Atlanta, which is still recovering from ransomware that crippled the city of Atlanta's IT network last year, costing officials millions in recovery efforts.

Read more: Georgia county pays a whopping $400,000 to get rid of a ransomware infection | Florida city fires IT employee after paying ransom demand last week

"I was just in Johannesburg … the city there had a huge ransomware attack," she said, noting that while ransom was paid, Johannesburg is still struggling to bring its systems back up.

Carlson also said she met with someone from the education sector recently who said they are getting attacked school by school and are paying in excess of $30,000 in ransom "because they don't know what else to do".

"So one of the things we actively talk about with government is a move to the cloud to in order to detect and defend potential cyberattacks," Carlson said.

"And the good news is that there are some immediate steps you could take right now to protect the organisation, First, to have a viable backup in place for an effective solution to quickly restore.

"All these customers I talk to are running on data centres, unpatched, they talk about having a DR strategy -- but guess what, they don't have that."

Touching on the City of Atlanta again, Carlson said data was lost and the devastation of this should not be minimised.

"This is an act of terror, this is an act of war," she said.

"We have to treat this very differently.

"In fact, one of the things that I tell lawmakers is … these are like terrorist attacks. Our organisations, our government, our people, and we have to have laws in place … cloud is a good defender against it."

There are three things Carlson said will help defend against attacks: Encrypt, backup, and inherit.

See also: How Amazon Web Services runs security at a global scale

"All of our services are encrypted by default … and you can also inherit all the security policies and practices and architectures that are available to you," she said. "Get yourself informed and understand that cloud is a really good way to defend against these … we have to get much more serious."

Carlson was launching AWS' new open source government resource catalogue, which aims to arm those in the public sector with standards and best practices for navigating the cloud world.

"The most senior leaders in government didn't really understand what this whole cloud transformation thing was about … they want a catalogue of government resources," she said.

Carlson said it will allow governments around the world to share information and best practices, and said AWS wants its customers to contribute to the information repository.

"There are such amazing solutions around the world and we want them to be shared," she said.

Having used Capital One throughout his keynote on Tuesday as an example of a large company doing good things in the cloud, AWS CEO Andy Jassy was on Wednesday afternoon questioned by media on why he would parade an organisation that suffered a data breach.

"If you look at the major data breaches over the last five years, I think it's about 26, 25 of them have been on-premises infrastructure," he said.

"I don't think this has shaken people's confidence in any way in the cloud, we continue to see customers full-steam ahead.

"I think when most customers evaluate security posture in the cloud versus on-premises, they mostly come away believing their security posture is better in the cloud."

Jassy said around eight years ago, security was one of the biggest barriers for government and the enterprise to use cloud, mainly because it was a very different type of technology.

"I would say that today, over the last five years, security has become one of the selling points of people moving to the cloud as they feel like they have stronger security posture in the cloud as they do on premises," he said.

Updated December 4, 2019, at 1:30pm Pacific Time: Added remarks from Andy Jassy.

Asha Barbaschow travelled to re:Invent as a guest of AWS.

READ ALSO