Thank you very much.
Good morning, Chair Zimmer, members of the committee, and international guests.
My name is Mark Ryland. I serve as the director of security engineering in the office of the chief information security officer at Amazon web services, the cloud computing division of Amazon.
Thank you for giving me the opportunity to speak with you today. I'm pleased to join this important discussion. I'd like to focus my remarks today on how Amazon puts security and customer trust at the centre of everything we do.
Amazon's mission is to be the earth's most customer-centric company. Our corporate philosophy is firmly rooted in working backwards from what customers want and continuously innovating to provide customers better service, more selection and lower prices. We apply this approach across all our areas of business, including those that touch on consumer privacy and cybersecurity.
Amazon has been serving Canadian customers since we first launched amazon.ca in 2002. Amazon now has more than 10,000 full-time employees in Canada. In 2018, we announced plans to create an additional 6,300 jobs.
We also have two tech hubs, one in Toronto and another in Vancouver. These are clusters of offices employing more than 1,000 software engineers and a number of supporting technical workers, building some of our most advanced global systems. We also have offices in Victoria for www.abebooks.com, and our AWS Thinkbox subsidiary in Winnipeg.
We operate seven fulfillment centres in Canada, and four more have been announced. They will all open this year, in 2019.
I would now like to talk about our cloud platform.
Just over 13 years ago, Amazon launched Amazon web services, which is our cloud computing business. Montreal is home to our AWS Canada region, which is made up of a number of distinct data centres. We launched AWS, because after over a decade of building and running amazon.com, we realized we had developed a core competency in operating massively scaled technology infrastructure and data centres. We embarked on a broader mission of serving developers and businesses with information technology services that they can use to run their own businesses.
The term “cloud computing” refers to the on-demand delivery of IT resources over the Internet or over private networks. The AWS cloud spans a network of data centres across 21 geographic regions around the globe. Instead of owning and maintaining their own data centres, our customers can acquire technology such as compute power, storage, and databases in a matter of seconds on an as-needed basis by simply calling an API or clicking a mouse on a graphical console.
We provide IT infrastructure and services in the same way that you just flip a switch to turn on the lights in your home and the power company sends you electricity.
One of this committee's concerns was democracy. Well, we're really democratizing access to IT services, things that only very large organizations could previously do, in terms of the scale involved. Now the smallest organizations can get access to that same type of very sophisticated advanced technology with simply a click of a button and just paying for their consumption.
Today AWS provides IT services to millions of active customers in over 190 countries. Companies that leverage AWS range from large Canadian enterprises such as Porter Airlines, Shaw, the National Bank of Canada, TMX Group, Corus, Capital One, and Blackberry to innovative start-ups like Vidyard and Sequence Bio.
I want to underline that privacy really starts with security. Privacy regulations and expectations cannot be met unless systems are maintaining the confidentiality of data according to their design. At AWS, we say that security is “job zero”, by which we mean it's even more important than a number one priority. We know that if we don't get security right, we don't really have a business.
AWS and Amazon are vigilant about the security and privacy of our costumers and have implemented sophisticated technical and physical measures to prevent unauthorized access to data.
Security is everyone's responsibility. While we have a world-class team of security experts monitoring our systems 24-7 to protect customer data, every AWS employee, regardless of role, is responsible for ensuring that security is an integral component of every facet of our business.
Security and privacy are a shared responsibility between AWS and the customer. What that means is that AWS is responsible for the security and privacy of the cloud itself, and customers are responsible for their security and the privacy of their systems and their applications that run in the cloud. For example, customers should consider the sensitivity of their data and decide if and how to encrypt their data. We provide a wide variety of encryption tools and guidance to help customers meet their cybersecurity objectives.
We sometimes say, “Dance like no one's watching. Encrypt like everyone is.” Encryption is also helpful when it comes to data privacy. In many cases, data can be effectively and permanently erased simply by deleting encryption keys, for example.
More and more, organizations are realizing the link between IT modernization offered by the cloud and a better security posture. Security depends on the ability to stay a step ahead of a rapidly and continuously evolving threat landscape, requiring both operational agility and the latest technologies.
The cloud offers many advanced security features that ensure that data is securely stored and handled. In a traditional on-premises environment, organizations spend a lot of time and money managing their own data centres, and worry about defending themselves against a complete range of nimble, continuously evolving threats that are difficult to anticipate. AWS implements baseline protections, such as DDoS protection, or distributed denial of service protection; authentication; access control; and encryption. From there, most organizations supplement these protections with added security measures of their own to bolster cloud data protections and tighten access to sensitive information in the cloud. They also have many tools at their disposal for meeting their data privacy goals.
As the concept of “cloud” is often new to people, I want to emphasize that AWS customers own their own data. Customers choose the geographic location in which to store their data in our highly secure data centres. Their data does not move unless the customer decides to move it. We do not access or use our customers' data without their consent.
Technology is an important part of modern life, and has the potential to offer extraordinary benefits that we are just beginning to realize. Data-driven solutions possess potentially limitless opportunities to improve the lives of people, from making far faster medical diagnoses to making farming far more efficient and sustainable. In addressing emerging technology issues, new regulatory approaches may be required, but they should avoid harming incentives to innovate and avoid constraining important efficiencies like economies of scale and scope.
We believe policy-makers and companies like Amazon have very similar goals—protecting consumer trust and privacy and promoting new technologies. We share the goal of finding common solutions, especially during times of fast-moving innovation. As technology evolves, so too will the opportunities for all of us in this room to work together.
Thank you. I look forward to taking your questions.