Advertisement

AWS’s Shared Responsibility Model Explained: Two Sides to Achieving Enterprise Security

Paid Post:Amazon Web Services
Reading Time:4 minutes
Why you can trust SCMP
AWS’s Shared Responsibility Model Explained: Two Sides to Achieving Enterprise Security

[The content of this article has been produced by our advertising partner.]

It should come as no surprise that cybersecurity threats have reached unprecedented levels of sophistication, with phishing attacks hitting a five-year high according to Hong Kong Computer Emergency Response Team Coordination Centre’s (HKCERT) Hong Kong Cybersecurity Outlook 2025. What is alarming, however, is that cybersecurity readiness in enterprises remains insufficient, often considered only after a breach or damage occurs.
Hackers indeed have an unfair advantage: the rise of social media and technological innovations have expanded the attack surface exponentially. As Bertram Dorn, Principal Office of the CISO at Amazon Web Services (AWS), highlighted during the AWS Security Day in Hong Kong on 24 July, 2025, "The attacker only needs to win once, but the defender needs to always win." This stark reality of cybersecurity is a reminder to anyone with a mobile device, but an even more important wake-up call for those handling customer data.

Not Just Theory: Getting Hands-on with Cloud Security

The event addressed the developing threat landscape and evolving compliance requirements, gathering over 800 security professionals, technology leaders, industry regulators and partner specialists. By introducing emerging security innovations through panel discussions, interactive demos and booth exhibitions, the underlying goal was clear: demonstrate how technology can help enterprises navigate looming risks effectively and affordably. 

Not only were peers encouraged to network, separate tracks focused on critical infrastructure and artificial intelligence (AI) security were also available, addressing two of the most pressing concerns for organisations. Furthermore, the opportunity to take part in AWS Well-Architected Security GameDay allowed participants to gain hands-on learning experience to practice security best practices. Simulating preset security incidents in a safe sandbox environment, participants were faced with the challenge of real-world security threats.

Not an Afterthought: Building Security from the Ground Up
It is easy to preach about safety, but compliance does not equate to security, and it is no longer enough for enterprises to merely check the boxes. As Robert Wang, Managing Director of Hong Kong and Taiwan at AWS aptly remarked, “Security is not built overnight.” The company has worked backwards from security and regulatory requirements to develop comprehensive security capabilities from hardware to services. 

Being the first cloud provider to mandate multi-factor authentication and achieve ISO/IEC 42001:2023 accredited certification for AI services, AWS has moved on to innovate at a silicon level, launching the Graviton processor to build hardware security design from the ground up. At just $20 per month, organisations can receive personalised recommendations on security postures through well-architected reviews conducted by Amazon Q Developer CLI and Model Context Protocol (MCP) Server, while experiencing the flexibility of a full stack of models and applications. 

Advertisement
Select Voice
Choose your listening speed
Get through articles 2x faster
1.25x
250 WPM
Slow
Average
Fast
1.25x