On September 17, 2013, Quocirca attended the Amazon Web Services (AWS) Enterprise Summit in London. The rate of growth of the vendor’s online infrastructure is remarkable if its own figures are to be believed. Using itself as a yardstick, AWS says it is adding enough new infrastructure a day to support its Amazon.com retail business as it was in 2003, then worth over $5B (Amazon.com is AWS’s biggest customer).
The event was packed with hundreds of developers and other IT types whose organisations are committed to using AWS’s increasingly broad range of on-demand services at some level. The growing list includes EC2 (compute power), S3 (storage), RDS (database) and CloudFront (content delivery). Two recently added ones discussed at the event were Redshift, a data warehousing service priced at $999 per terabyte per year, and Glacier, a backup and archive service priced at $0.01 per gigabyte per month.
These last two underline why cloud services are becoming so compelling for many businesses. The economies of scale that cloud service providers can achieve, especially one the size of AWS, can drive down the cost of procuring IT infrastructure so far that the cost of in-house deployments starts to look absurd. However, nearly all relevant research reports, including Quocirca’s, show that many are holding back because of the perceived security issues around cloud-based services.
AWS is acutely aware of this. There were two keynotes at the London event: one about AWS in general, delivered by Andy Jassy, Senior VP for AWS, and a second focused purely on security, delivered by Stephen Schmidt, VP Security Engineering and CISO. Schmidt went through many aspects of AWS security, including the vigorous data destruction process when hardware is refreshed. He was also careful to point out the shared security model:
- AWS takes responsibility for securing its facilities, server infrastructure, network infrastructure and virtualization infrastructure.
- The customer is free to choose its operating environment and how it should be configured, and to set up its own security groups and access control lists.