Endpoint Security , Internet of Things Security , Next-Generation Technologies & Secure Development
Amazon CISO Amy Herzog on Embedding Security in Ring, Alexa
How Amazon Accelerates Product Development While Securing Customer DataEmbedding security in the product development process has given Amazon two major capabilities it needs out of its product releases - innovation and speed, said Amy Herzog, CISO of Ads and Devices at Amazon.
See Also: Key Security Challenges and Tooling Approaches for 2024: Survey Results Analysis
Security is integrated from the design phase at Amazon, with product and cyber teams working together to enhance speed and safety rather than applying post-development fixes. While security principles such as encryption are generally consistent across Amazon's portfolio, popular products such as Alexa and Ring have unique security requirements based on customer expectations as well as the nature of the devices, Herzog said (see: The Rise of Memory-Safe Languages in Secure Development).
“I was really excited to take this CISO role at Amazon because during my interview process it became really clear that at Amazon, we are all aligned with my own beliefs about security, which is that we can be at our best an accelerant for product development, a velocity accelerator where we're really working, co-creating, building with product teams to make sure that what we release is secure," Herzog said.
In this video interview with Information Security Media Group, Herzog also discussed:
- Security strategies for consumer-facing products such as Alexa and Ring;
- Differing security expectations between corporate and consumer tools;
- How Amazon balances security transparency and usability for consumers.
Herzog joined Amazon in February 2023 after holding IT management positions at Travelers insurance and at Pivotal, which was acquired by VMware in December 2019. She has a deep security engineering background, working as a principal security engineer for the MITRE Corp. for more than 15 years at the start of her career. At MITRE, Herzog was the co-inventor of two patents relating to cybersecurity.