The cloud marches on despite privacy, security and data sovereignity concerns
Business agility main driver for adoption; change management biggest impediment
THE cloud computing paradigm shift is an undeniable and unstoppable force driven by the competitive needs of businesses and while there are still some impediments that stand in the way of full adoption, its acceptance will eventually happen, says the top executive of a major cloud player.
Dr Werner Vogels (pic), chief technology officer of Amazon Web Services (AWS) Inc, says companies – both big and small – can no longer afford to consider the cloud as a ‘nice to have,’ and those that do will stand to lose out in a big way.
Speaking to Digital News Asia (DNA) in an exclusive interview, Vogels says cloud computing is now a ‘need to have’ as it’s unlike any other technology evolution that the world has seen in the past five decades of computing.
“If cloud computing were like the next tech step of computing – like how we went from mainframe to mini computers to client-server, to PC, and the Web – it wouldn’t be a big deal.
“But because the cloud has a huge impact on businesses like eliminating capital expenditure (capex), lowering operational expenditure (opex), and taking away the complexity of data centre management while enabling customers to go global in minutes, the cloud is able to drive success, and success is so seductive,” he says.
AWS is an independently-run cloud service provider owned by e-commerce giant Amazon.com. AWS began offering IT infrastructure service over the web in 2006, which now include storage, compute and networking services. The company counts amongst its customers small and big companies such as Pfizer, Netflix, Pinterest, NASA, Comcast, to name a few.
Meanwhile, cloud computing has been touted in the past few years as a new way of delivering software and IT services in today’s broadband-enabled world.
The benefits of the cloud are quite clear for businesses. By having applications installed in data centres instead of being ‘on premise,’ companies would not have to individually install software locally on personal computers, laptops, or even on tablets.
Data stored on central servers means it is more secure and is centralised for all to access. Organisations also do not need to worry about software upgrade cycles and users can access all of their applications via the browser.
Financially speaking, companies are able to move their IT spending from a capex to an opex model because they are consuming IT as a service and not buying hardware as assets. This means IT budgets could become much more efficiently used.
But despite some of these obvious advantages, some industries are still grappling with where data is being stored on the cloud, especially when they use the public cloud provided by third-party service providers – such as AWS – that have many clients sharing a common data centre.
In fact, a recent survey commissioned by data centre player NTT Communications suggests that businesses are concerned about where their data is stored and are acting decisively to protect their data by keeping it where they know it will be safe.
The study was completed in March 2014 and follows startling revelations made by Edward Snowden, a former Central Intelligence Agency (CIA) contractor, last year who began revealing astounding details about what the US and UK governments were doing behind closed doors.
This included the massive extent to which the US National Security Agency (NSA) and its British counterpart the Government Communications Headquarters (GCHQ) collected phone and Internet data from citizens. The spying went as far as listening in on German Chancellor Angela Merkel's cellphone.
The NTT sponsored report notes that a big proportion of ICT decision-makers in large companies in France, Germany, Hong Kong, the United States and Britain may even delay cloud computing projects that could deliver them much-needed flexibility and performance gains.
The survey states that in no uncertain terms, ICT decision-makers really want the best of both worlds – the guarantee of the sovereignty, security and privacy of their data and yet reap the benefits of cloud computing. “But they can only do so if they can specify exactly where and how their data is stored in the cloud,” the summary of the report notes.
Security, privacy is paramount
When asked if the conclusions from the NTT Communication’s report were in line with what AWS had been experiencing from their customers, Vogels declines to comment on the specifics of the study, noting only that AWS has not yet seen any impact to its cloud computing business.
“Regardless of the [Edward] Snowden revelations, AWS has always treated privacy and security as the most important element in our business. [To date] we’ve not seen any [negative] impact on our business.
Vogels also unequivocally denied AWS had in the past been a part of the alleged listening in of governments through a project called PRISM.
First revealed in June last year, PRISM is understood to be a clandestine national security electronic surveillance programme administered by the US National Security Agency since 2007.
The revelations were part of a systematic series of disclosures released by Snowden to two media giants; Britain’s Guardian newspapers and US-based The Washington Post.
“We’ve never been part of the PRISM surveillance program,” stresses Vogel. “This means that AWS has never received a request from the FISA (Financial Intelligence Surveillance Court),” he says, adding this also implies that AWS has never divulged any of its customer information in any form to any one.
Besides distancing itself from PRISM, Vogels also took great pains to explain that AWS is committed to privacy and security and will not move its customers’ data from the regions it resides in.
The technology head honcho for AWS reveals that the cloud player has a total of 10 regions where its data centre resides in; four in the United States, one in Europe, one in Brazil and four – Tokyo, Beijing, Singapore, Sydney – in Asia.
“Each of these regions have cluster zones and we have well over 25 availability zones, which our customers can choose from. But wherever our customers’ data is, it will not be moved, unless the customers want it.”
To further strengthen its compliance and commitment to data privacy and sovereignty, Vogels says that AWS also periodically advises its customers on relevant compliance issues such as new legislations, which are introduced from time to time.
An example of this can be found in how AWS has introduced guidelines for customers in Malaysia as the Personal Data Protection Act (PDPA) 2010 came into force this year.
Quizzed further on what he thought of the recent revelation of the Heartbleed bug which blindsided the information security world – a recently discovered flaw in the OpenSSL cryptographic library that could allow hackers to steal information which is normally otherwise protected – Vogels remains philosophical about it, noting that “software bugs are nothing new” and that the cloud has a significant advantage when faced with such a scenario.
“I think everyone was caught by surprise [by Heartbleed],” he says. “Bugs are there and a fact of life forever for software and they are nothing new, and we have to live with them. In fact, my argument is that in the traditional IT world, you have to fix all the bugs first before rolling them out your product to all your customers.
“In cloud computing, it’s a ‘one bug, one fix’ scenario. In the case of Heartbleed, we could immediately investigate where the services were affected or not affected, and we cloud could apply fixes to that.
“This means that when we patched the flaw, all our customers running on our platform are protected. For those customers that were running SSL by themselves, we contacted our customers, with suggestions on to how to fix it.”
Vogels claims that a cloud player such as Amazon has deeper insights to security as they invest heavily on IT security.
“We absolutely cannot do business on the Internet without security and privacy as a number one priority [in today’s world],” he emphasises. “That is why we invest heavily in security and protection of our customers’ data.”
Next Page: Changing ‘change management’