How AWS sustains a strong culture of security

At AWS, security is our top priority.

Since day one, AWS has invested deeply in our culture of security. Security is prioritized by our leadership and built into our organizational structure. Everyone, regardless of role, views security as a shared responsibility. Security advocates and advisors are embedded in our teams to share their expertise, and innovation empowers our people to move fast while staying secure.

We’ve found that building and maintaining a culture of security requires constant investment and focus on four key principles.

Culture of security principles at work within AWS

At AWS, security is deeply ingrained into our organizational structure and decision-making. Our security teams report directly to the CEO while also being deeply embedded in our respective business units. Weekly meetings with executive leadership examine security metrics, connect data to business outcomes, and ensure alignment on strategic security issues. This top-down commitment reinforces that security accelerates business objectives and enhances customer experiences.

AWS operates with a strong ownership model built around our culture of security. Everyone, from executives to engineers, embraces a security-first mindset. Service teams are fully responsible for the security of the service that they deliver. Security is ingrained into every product roadmap, engineering plan, and weekly stand-up, just as much as capabilities, performance, and cost. We encourage teams to raise their hand and ask for help when there’s even a hint of a security issue.

AWS Security provides critical capabilities and services that enable our engineering and service teams to fulfill their security responsibilities effectively. This includes training, threat modeling tools, code scanning frameworks, design reviews, penetration testing, and security reviews of new services and features. Security teams are empowered to make a go or no-go decision with respect to each and every release, and always err on the side of maintaining the high security bar our customers expect from AWS.

At AWS, people are our biggest asset, driving us to build security innovations that improve their work experience, remove barriers, and enable sound security decisions. We use artificial intelligence (AI) to accelerate secure software development and complement human expertise. We use security automation to reduce mundane tasks, reduce human error, and scale security best practices. And we use automated reasoning to detect misconfigurations and prove that our security controls are effective.