Jun 16, 2023 - Technology

Inside AWS' quest to bake security into the cloud


Companies are routinely urged to think more about their cloud security, but a new set of products from Amazon Web Services' security team aims to help customers think about it less.

Driving the news: AWS unveiled its plan to add new security checkpoints to the company's cloud products earlier this week during its re:Inforce conference.

  • The company rolled out a machine-learning-enabled tool, called Amazon CodeGuru Security, that identifies and resolves any vulnerabilities injected during app development.
  • AWS showed off another new tool to let customers export data needed for a so-called software bill of materials, which provides an ingredient list for the software on a customer's network.
  • And AWS also made its Findings Groups tool, which uses artificial intelligence to analyze and connect any related threat notifications that cross a customer's systems, publicly available.

Why it matters: As more organizations transition to cloud storage, malicious actors are following in their footsteps.

  • Customers are taught that cloud storage is more secure and hack-proof than their on-premises and device-based alternatives. But many organizations aren't properly configuring their new cloud accounts, leaving them vulnerable to hackers.
  • Last year, eight in 10 organizations faced a cloud security incident, according to a report from Venafi.

What they're saying: "We're filling in the areas of the things that customers have asked us for and also that we have seen, as we need to be able to make this a smoother transition," CJ Moses, chief information security officer at AWS, told reporters during a conference briefing.

The big picture: AWS' new products are aimed at helping customers during the entire lifecycle of their deployments, Paul Hawkins, a principal in AWS' Office of the CISO, told Axios.

  • Whenever a new technology emerges, many people are quick to embed the tools into their workflows before weighing any security concerns.
  • AWS' security team tries to help both its in-house teams and the company's customers more easily account for security while developing new tools, Hawkins told Axios.
  • "Our goal is to produce services that make it easier for customers to understand the security of the applications that they build and operate," he said.

Between the lines: The vast majority of AWS' products are developed based on direct feedback and demand from customers, Hawkins added.

  • "Customer demand is an interesting thing because it can take you down a road you didn't think of," Whit Crump, general manager of Americas business development at AWS, told Axios.

The intrigue: The quick emergence of generative AI is adding a new set of challenges — and opportunities — for cloud security, AWS executives told Axios.

  • AWS recently released Amazon Bedrock, a tool that lets customers build their own generative AI applications, encrypt the data of these applications and limit access.
  • At its event, AWS shared a new generative AI tool named Amazon CodeWhisperer. The tool scans any newly written AI-related code for security vulnerabilities as it's being written, while also filtering any biased code suggestions.

Zoom out: The new products come as Washington starts to press software manufacturers to build their products with security in mind.

Yes, but: AWS isn't the only cloud provider focused on embedding security into its products.
