"For some industries it is an absolute must-have. For instance, for Amazon.com to move onto AWS we had to be PCI compliant, because of the credit card transaction volumes. For U.S. government organizations to move into AWS, we had to be compliant with their rules and regimes and for the U.K. government we had to be compliant with theirs," Schmidt said.
For organizations where compliance isn't a must, certifications, including ISO 27001, still work as a way for them to understand how Amazon practises security, according to Schmidt.
One certification Amazon is still working on is the Federal Risk and Authorization Management Program (FedRAMP), a government program that aims to standardize security assessment, authorization, and continuous monitoring for cloud services, according to Amazon.
"It is an evolving process. The U.S. government hasn't quite decided what it wants to do with FedRAMP, and it keeps changing some of the evaluation criteria, but hopefully that will be settled soon because we are really looking forward to that one," Schmidt said.
Government organizations and agencies can rely on FedRAMP instead of doing their own evaluations, resulting in cost savings and uniform evaluations. Today some organizations are more capable of performing a good review than others are, but the FedRAMP program will iron out those differences and raise the security bar across the government space, according to Schmidt.