Amazon executive: IT experts 'should be embarrassed' about data breaches

NEW YORK CITY—Technologists across all industries need to take more responsibility for cybersecurity, Amazon Chief Technology Officer Werner Vogels said while speaking at an Amazon Web Services conference in New York City this week.

Wearing a T-shirt that said "Encrypt Everything," Vogels urged companies to think of security as an enterprise-wide responsibility. Yet, in the last year, there were 15,000 data breaches, he said.

"As technologists, we should be embarrassed and we need to take responsibility for this," Vogels said. "Security needs to become everyone's job, not just that of the security team. If you do not integrate security from day one, then you put your business and customers at risk."

Vogels' call for a stronger focus on cybersecurity comes as healthcare organizations are increasingly vulnerable to cyberattacks due to the value of health data and the wide attack surface posed by growing IT systems and the use of connected medical devices.

RELATED: Ransomware, phishing attacks top new HHS list of cyberthreats in healthcare

The health industry experiences more data breaches than any other sector, according to a Ponemon Institute and Verizon Data Breach Investigations report. The U.S. Department of Health and Human Services breach portal reports that over 15 million health records have been compromised by data breaches, to date. Ransomware attacks grew threefold in 2017, with healthcare being affected the most by this increase, according to a threat report from security firm Cylance. 

Many healthcare organizations remain particularly vulnerable to phishing attacks. When researchers sent simulated phishing emails, nearly one in seven of the messages were clicked by employees of healthcare systems, a recent study published in JAMA Network Open found. "There's always an idiot that clicks that link," Vogels said of the risks posed by phishing emails.

Technology can play a big role in strengthening cyber defenses, Vogels said, with security automation taking humans out of the loop to improve security.

Vogels' keynote speech at the AWS Summit was frequently disrupted by protesters who made their way inside New York City's Javits Center. Hundreds of protesters also gathered outside the Javits Center and around nearby streets to protest Amazon potentially selling its facial recognition software to U.S. government agencies, including the Immigration and Customs Enforcement.

Vogels had to pause many times in his speech as protesters in the audience interrupted him, chanting, "Cut ties with ICE." At one point, he said, "I'm more than willing to have a conversation, but maybe they should let me finish first."

Pressing on, Vogels also talked about the future of cloud computing, noting that AWS continues to see 40% growth year over year. Cloud computing has revolutionized IT and how IT services are delivered, he said.

RELATED: Health systems launch new HIPAA-compliant Amazon Alexa voice tools

Organizations across industries are migrating from on-premise databases to the cloud and AWS has migrated more than 150,000 databases to the cloud, to date, Vogels said. Cloud computing is driving the new "golden age" of machine learning, Vogels said. "Hundreds of thousands of companies are executing machine learning on AWS. Our goal to put machine learning in  the hands of every developer and data scientist." AWS now offers more than 200 global cloud-based products, including compute, storage, databases, analytics, networking, mobile, developer tools, management tools, IoT, security, and enterprise applications.

Vogels also announced a number of new tools to help developers innovate in the cloud environment. Here are 5 key product announcements from the AWS Summit New York:

  • AWS Cloud Development Kit—The AWS CDK is now generally available in TypeScript and Python. AWS CDK is an open-source software development framework to model and provision cloud application resources using familiar programming languages.
  • Amazon EventBridge—A serverless event bus that makes it easy to connect applications together using data from your developers' applications, software-as-a-service applications, and AWS services. EventBridge delivers a stream of real-time data from event sources, such as Zendesk, Datadog, or Pagerduty, and routes that data to targets like AWS Lambda. 
  • Amazon CloudWatch Anomaly Detection—In preview, this tool applies machine-learning algorithms to continuously analyze system and application metrics, determine a normal baseline, and surface anomalies with minimal user intervention. 
  • Amazon SageMaker Managed Spot Training—Service that can optimize the cost of training machine learning models using Amazon EC2 spot instances. The enhancement to SageMaker could lower training costs by up to 70%.
  • AWS Lake Formation—A service that makes it easy to set up a secure data lake. What previously took months to do can now be accomplished in just a few days, Vogels said. A data lake is a centralized, curated, and secured repository that stores data, both in its original form and prepared for analysis. A data lake enables companies to combine different types of analytics to gain insights and guide better business decisions.