Amazon Debunks Top 5 Myths of Cloud Computing
As the 5th International Cloud Computing Conference & Expo (Cloud Expo) opens in New York City on April 19, Amazon Web Services (AWS) is tapping into the attention the event is placing on cloud computing to address what the company views as some of the more persistent myths related to the cloud.As the 5th International Cloud Computing Conference & Expo (Cloud Expo) opens in New York City on April 19, Amazon Web Services (AWS) is tapping into the attention the event is placing on cloud computing to address some of what the company views as the more persistent myths related to the cloud. Despite being among the first to successfully and profitably implement cloud computing solutions, AWS officials said the company still has to constantly deal with questions about the reliability, security, cost, elasticity and other features of the cloud. In short, there are myths about cloud computing that persist despite increased industry adoption and thousands of successful cloud deployments. However, in an exclusive interview with eWEEK at Amazon's headquarters in Seattle, Adam Selipsky, vice president of AWS, set out to shoot down some of the myths of the cloud. Specifically, Selipsky debunked five cloud myths.
??Ã They own the data, not us ??Ã They choose which location to store the data and it doesn't move unless the customer decides to move it ??Ã They can encrypt their data at rest and in motion ??Ã Regardless of whether customers choose to encrypt or not, we never look at the dataMoreover, Selipsky said, "We have very strong data durability -- we've designed Amazon S3 (Simple Storage Service) for eleven 9's of durability. We store multiple copies of each object across multiple locations." Selipsky also said AWS has a "Versioning" feature that allows customers to revert to the last version of any object they unintentionally delete or somehow lose due to application failure. And customers can ensure additional fault tolerant applications by deploying their applications in multiple Availability Zones or using AWS' Load Balancing and Auto Scaling features. "And, all that comes with no capex [capital expenditures] for companies, a low per unit cost where you only pay for what you consume, the ability to add or shed servers for your business (and balance sheet) in minutes, and the ability to focus engineers on unique incremental value for your business," Selipsky said. The origin of the reliability claims come from an illusion of control, he said. "People think if they can control it they have more say in how things go. It's like being in a car versus an airplane, but you're much safer in a plane." Myth 2: Security and Privacy Are Not Adequate in the Cloud Security is an end-to-end process and companies need to build security at every level of the stack, Selipsky said. Examining Amazon's cloud, you will see that the same security isolations are employed as would be found in a traditional data center, he said. These include physical data center security, separation of the network, isolation of the server hardware, and isolation of storage. On the physical data center side, well before Amazon launched its cloud services, data centers had already become a frequently shared infrastructure. Companies realized that they could benefit by renting space in a data facility rather than building it, added Selipsky. Indeed, citing security fundamentals, Selipsky said:
??Ã Security could be maintained by providing badge-controlled access, guard stations, monitored security cameras, alarms, separate cages, and strictly audited procedures and processes. ??Ã Amazon Web Services' data center security is identical to the best practices employed in private data facilities today. It has the added physical security advantage that customers have no need to access to the servers and networking gear inside. Because of this, access to the datacenter is even more strictly controlled than traditional rented facilities. ??Ã At the physical data center level, the Amazon cloud has equal or better isolation than could be expected from dedicated infrastructure.Regarding the network, networks long ago ceased to be isolated physical islands, Selipsky noted. As companies found the need to connect to other companies, and then the Internet, their networks became connected with public infrastructure. They used special network functionality, such as firewalls and switch configurations, to prevent bad network traffic from getting in or important traffic from leaking out. As their network traffic increasingly passed over public infrastructure, companies began using additional isolation techniques, such as Multi-protocol Label Switching (MPLS) and encryption, to maintain the security of every packet on (or leaving) their network. Amazon's approach to networking in its cloud is the same: maintain packet-level isolation of network traffic and support industry-standard encryption. Because Amazon Web Services' Virtual Private Cloud allows a customer to establish their own IP address space, customers can use the same tools and software infrastructure they're already familiar with to monitor and control their cloud networks. Finally, Amazon's scale allows significantly more investment in security policing and countermeasures than almost any large company could afford. "Our security is strong and dug in at the DNA level," Selipsky said. Meanwhile, on the hardware side, Amazon Web Services invests significantly in testing and validating the security of its virtual server and storage environment. According to Selipsky, these investments include:
??Ã We wipe the server and storage clean after customers release these resources, so there is no possibility of leaving behind important data. ??Ã Each instance has its own customer firewall to prevent intrusion from other running instances. ??Ã For those wanting even more network isolation can use Amazon VPC (which allows you to bring your own IP address space to the cloud and your instances can only be accessed via those IP addresses that only you know) ??Ã For those wanting to run on their own boxes (where no other instances are running), you can purchase extra large instances (an instance size that's pretty typical for larger customers and workloads) where only that XL instance runs on that server.Selipsky also argued that Amazon's scale allows significantly more investment in security policing and countermeasures than almost any large company could afford themselves. "In fact, we often find that we can improve companies' security posture when they use AWS," he said. "Take the example lots of CIOs worry about -- the rogue server under a developer's desk running something destructive or that the CIO doesn't want running. Today, it's really hard (if not impossible) for CIOs to know how many orphans there are and where they might be. With AWS, CIOs can make a single API call and see every system running in their VPC [Virtual Private Cloud]. No more hidden servers under the desk or anonymously placed servers in a rack and plugged into the corporate network. Finally, AWS is SAS-70 certified; ISO 27001 and NIST are in process, Selipsky said. Myth 3: I Can Get All the Benefits of the Cloud by Creating My Own In-house Cloud or Private Cloud "There's a lot of marketing going on about the concept of the 'private cloud,'" Selipsky said. "We think there's a bit of a misnomer here." In general, "we often see companies struggling to accurately measure the cost of infrastructure," he said. "Scale and utilization are big advantages for AWS. In our opinion, a cloud has five key characteristics: It eliminates capex; allows you to pay for what you use; provides true elastic capacity to scale up and down; allows you to move very quickly and provision servers in minutes; and allows you to offload the undifferentiated heavy lifting of infrastructure so your engineers work on differentiating problems" Moreover, Selipsky said what people are calling private clouds come with the following drawbacks, where the customer will:
??Ã Still own the capex...and they're very expensive (big fixed investments) ??Ã Not pay for what you use ??Ã Not have true elasticity...when groups relinquish their servers, the company still owns the datacenter space and servers...and will also find that managing this supply chain will present a dilemma...will either have to significantly overprovision which is wasteful or become really expert at managing just-in-time supply-chain so there are no long waits for servers...managing a supply chain like this is really hard and takes a lot of effort and refining and keeping the status quo of long time to market is not so appealing either ??Ã Still own the headache of managing the undifferentiated heavy liftingGetting a little deeper, Selipsky added, "With a private cloud you have to manage capacity very carefully...or you or your private cloud vendor will end up over-provisioning. So you're going to have to either get very good at capacity management or you're going to wind up overpaying." And challenging the elasticity of private clouds, Selipsky said, "The cloud is shapeless. But if it has a tight box around it, it no longer feels very cloud-like." However, a key driver for AWS' offerings is the company's ability to save customers money and drive efficiency. "In virtually every case we've seen, we've been able to save people a significant amount of money," Selipsky said. Some of the reasons for this are that as AWS' business has grown dramatically over the past four years, the company has achieved enough scale to secure very low costs. Additionally, AWS has been able to aggregate hundreds of thousands of customers across every imaginable use case and various geographies to have very high utilization of its infrastructure -- how well you utilize the infrastructure is a key economic driver because if you have high utilization, you can buy less servers to serve the same load somebody with low utilization has to serve with many more servers. "In our conversations with customers we see that really good enterprises are in the 20-30 percent range on utilization -- and that's when they're good...many are not that strong," Selipsky said. "The cloud allows us to have several times that utilization. Finally, it's worth looking at Amazon's heritage and AWS' history. We're a company that works hard to lower its costs so that we can pass savings back to our customers. If you look at the history of AWS, that's exactly what we've done (lowering price on EC2, S3, CloudFront, and AWS bandwidth multiple times already without any competitive pressure to do so)." Myth 4: If I Can't Move Everything at Once, the Cloud Isn't for Me
"We believe this is nearly impossible and ill-advised," Selipsky said. "We recommend picking a few apps to gain experience and comfort then build a migration plan. This is what we most often see companies doing." Moreover, added Selipsky, "Companies will be operating in hybrid environments for years to come. We see some companies putting some stuff on AWS and then keeping some stuff in-house. And I think that's fine. It's a perfectly prudent and legitimate way of proceeding." Myth 5: Cost Is the Biggest Driver of Cloud Adoption "There is a big savings in capex and cost but what we find is that one of the main drivers of adoption is that time-to-market for ideas is much faster in the cloud because it lets you focus your engineering resources on what differentiates your businesses." Overall, regarding these myths, Selipsky said he believes "a lot of this revolves around psychology and fear of change, and human beings needing to gain comfort with new things. Years ago people swore they would never put their credit card information online, But that's no longer the case. We're seeing great momentum. We're seeing, more and more, over time these barriers [to cloud adoption] are moving."