
AWS’s Shared Responsibility Model Explained: Two Sides to Achieving Enterprise Security

Paid Post: Amazon Web Services
Why you can trust SCMP

[The content of this article has been produced by our advertising partner.]

It should come as no surprise that cybersecurity threats have reached unprecedented levels of sophistication, with phishing attacks hitting a five-year high according to Hong Kong Computer Emergency Response Team Coordination Centre’s (HKCERT) Hong Kong Cybersecurity Outlook 2025. What is alarming, however, is that cybersecurity readiness in enterprises remains insufficient, often considered only after a breach or damage occurs.

Hackers indeed have an unfair advantage: the rise of social media and technological innovations has expanded the attack surface exponentially. As Bertram Dorn, Principal Office of the CISO at Amazon Web Services (AWS), highlighted during the AWS Security Day in Hong Kong on 24 July, 2025, "The attacker only needs to win once, but the defender needs to always win." This stark reality of cybersecurity is a reminder to anyone with a mobile device, but an even more important wake-up call for those handling customer data.

Not Just Theory: Getting Hands-on with Cloud Security


The event addressed the developing threat landscape and evolving compliance requirements, gathering over 800 security professionals, technology leaders, industry regulators and partner specialists. By introducing emerging security innovations through panel discussions, interactive demos and booth exhibitions, the underlying goal was clear: demonstrate how technology can help enterprises navigate looming risks effectively and affordably. 

Peers were encouraged to network, and separate tracks focused on critical infrastructure and artificial intelligence (AI) security were also available, addressing two of the most pressing concerns for organisations. Furthermore, the AWS Well-Architected Security GameDay gave participants hands-on experience in applying security best practices. By simulating preset security incidents in a safe sandbox environment, it confronted participants with the challenge of real-world security threats.

Not an Afterthought: Building Security from the Ground Up

It is easy to preach about safety, but compliance does not equate to security, and it is no longer enough for enterprises to merely check the boxes. As Robert Wang, Managing Director of Hong Kong and Taiwan at AWS, aptly remarked, “Security is not built overnight.” The company has worked backwards from security and regulatory requirements to develop comprehensive security capabilities from hardware to services.

Being the first cloud provider to mandate multi-factor authentication and achieve ISO/IEC 42001:2023 accredited certification for AI services, AWS has moved on to innovate at a silicon level, launching the Graviton processor to build hardware security design from the ground up. At just $20 per month, organisations can receive personalised recommendations on security postures through well-architected reviews conducted by Amazon Q Developer CLI and Model Context Protocol (MCP) Server, while experiencing the flexibility of a full stack of models and applications. 

Not in Silos: Sharing the Responsibility


However, rather than asking customers to rely solely on its technology, AWS asks customers to share the risk collectively. Under the AWS Shared Responsibility Model, AWS is responsible for securing the cloud, while customers remain obligated to manage security inside the cloud, which encompasses data, applications, servers and configurations.

The model emphasises accountability, proper configuration and maintenance. More importantly, it encourages cultivating a culture of security, where every member is responsible for safeguarding individual information. With unintended disclosure of credentials and unmanaged application software security ranked as the most common causes of customer security incidents, this framework reinforces that effective cloud security requires collaboration between cloud providers and customers, with each party fulfilling its respective security obligations.

While quantum computing still seems to be a far-fetched concern to the public, some tech executives, investors, and academics in the industry believe a fully fault-tolerant supercomputer will arrive by 2035. An attacker may not be able to crack your encrypted files in 2025, but the dark side of quantum computing is that stolen information can be stored and decoded in the future. Therefore, fostering a collaborative environment in protecting cybersecurity is essential to present a united front for long-term safety.


Not Stagnant: Preparing for Agentic AI

Agentic AI was another buzzword that appeared frequently during the full day of keynotes and discussions. Specifically, Bertram Dorn, Principal OCISO at AWS, identified the emergence of autonomous AI agents as the trending topic for the next twelve to twenty-four months. With the rapid deployment of AI agents impending, organisations will need to prepare to address critical questions such as the authorisation of agents and the governance framework surrounding the technology, ensuring accurate representation of users.

Enter Kiro, AWS’s answer to the increasing demand for agentic coding tools. The AI integrated development environment offers to streamline software development and accelerate the process from concept to production with specifications-driven development. Kiro’s agents help solve challenging problems and automate tasks like generating documentation and unit tests with AWS Transform and Amazon Connect, allowing developers to stay involved and build beyond prototypes.

Not Either Or: Securing GenAI and Empowering Security
Diving into cybersecurity can feel like entering an infinite maze – the more you learn, the more complex it can become. However, if there is one takeaway from the breakout of GenAI and DeepSeek this year, it would be to take immediate action. With the new “best” model entering the market every two weeks, waiting for perfect understanding before acting is most definitely a losing strategy.
In a recent blog post, Swami Sivasubramanian, Head of AI Services and Data at AWS, advised businesses to pick a specific problem that matters and start building security solutions around it. Securing GenAI and empowering security do not have to be mutually exclusive, and these two sides of innovation need not become an either-or dilemma. With the right partner, technology, and strategy, enterprises can protect valuable assets while scaling and reinventing experiences. 

The AWS Security Day 2025 demonstrated that while the threat of cybercrime is real and the challenge is significant, solutions are present to navigate the evolving landscape. Presentations from industry partners showed that the most successful organisations need not have the most ambitious plans; they are those that have started the learning cycle and are willing to improve with each iteration by incorporating real-world customer feedback.
