Thank you so much, Mr. Chair and members of the committee.
I'm delighted to be here with you to speak about data privacy and security today, and how these apply to applications that run on Amazon Web Services, or AWS.
My name is Nicole Foster, and I am the director of public policy at AWS.
I'm responsible for our global AI and ML policy strategy, and our Canada public policy strategy.
As you may know, AWS is a subsidiary of Amazon that provides on-demand cloud computing services for individuals, companies and governments on a metred, pay-as-you-go basis. The “cloud” refers to the on-demand delivery of IT resources over the Internet, such as servers, and the software applications and databases that run on them. Despite their name, cloud services are physically located on the ground in data centres all over the world, including here in Canada. Organizations that use them do not need to own, run or maintain their own physical servers or software applications. Instead, they can use the cloud to run applications on demand, paying only for what they need.
AWS is the world's most comprehensive and broadly adopted cloud service provider. Millions of customers, including the fastest-growing start-ups, the largest enterprises and leading government agencies, are using AWS to lower costs, become more agile and innovate faster. This is all done with state-of-the-art security controls.
AWS is architected to offer the most secure cloud-computing services available today. We support more security standards and compliance certifications than any other cloud provider, thereby helping satisfy security and compliance requirements for virtually every regulatory agency around the globe. We are proud of our record in maintaining the privacy and security of Canadians. Our cybersecurity assessment reports are available to any customer. They include our detailed assessment from the Canadian Centre for Cyber Security.
As you know, in early 2020, AWS was contracted by the Government of Canada, through established Shared Services Canada procurement channels, to work with the Canada Border Services Agency and the Public Health Agency of Canada. The objective was to help launch aspects of the pandemic response program.
In the case of ArriveCAN, specifically, AWS's role was to securely host the application on the AWS cloud. In addition to that, we worked with CBSA and PHAC, providing expert advisory services related to ArriveCAN security and infrastructure architecture. This included implementing the Government of Canada's standards on cybersecurity; integrating ArriveCAN with the rest of the CBSA and PHAC ecosystems; enabling architectures and security that have supported major new functionality throughout the two and a half years since it was launched; providing tools to enable CBSA to monitor the integrity of the data and support its operations; and ensuring that AWS services were configured to minimize the overall cost of AWS to Canada, while supporting the ability to ensure high availability of the program to Canadians and international travellers.
Mr. Chair, I'd like to further elaborate on the security and privacy measures we have in place at AWS. Security and protecting Canadian citizens' data are at the top of our priorities.
Our customers benefit from data centre and network architecture that is built to meet the requirements of the most security-sensitive organizations. AWS customers in Canada can place workloads, applications and their data in an AWS infrastructure region located here, in-country.
Specifically, our Montreal region—we refer to a collection of data centres as a region—enables customers to address data compliance and residency requirements. Our extensive security technologies, 24-7 monitoring and alerting, and rigorous attention to all aspects of securing AWS infrastructure are designed to ensure that customers' data can be used by only them.
The services we provided for ArriveCAN were architected in alignment with the security standards set by Shared Services Canada and the Centre for Cyber Security. Our physical data centres and on-site personnel have been inspected and assessed for compliance by Public Services and Procurement Canada's industrial security directorate. As well, AWS personnel who worked and/or continue to work on ArriveCAN are all Canadian citizens. All have their reliability status, which is governed by the Treasury Board standard on security screening.
Mr. Chair, AWS is vigilant about its customers' privacy and sensitive information. To be clear with you and all members of this committee, AWS personnel did not at any point in time have access to any personal data from Canadians while working on ArriveCAN.
In conclusion, AWS is proud to have supported our customers during the height of the COVID-19 pandemic, but we understand that when the public interest is at stake, additional questions may be asked. Within the confines of our agreements, I will endeavour to answer these questions to the best of my ability today. Our focus remains on providing scalable technology services, with security as our highest priority.
Thank you for this opportunity.
I would be pleased to take any questions.
