Amazon channel partners and customers have a message for IT pros with lingering concerns: Get with the times.
People aren't keeping up.
vice president, SolutionSet LLC
Amazon public cloud customers say they've been pleased with the company's security documentation and customer service. And Amazon Web Services (AWS) partners say skittish IT pros have an impression of Amazon that is outdated at best.
"It's a complete fallacy that you can't run your production database workloads on Amazon," said Kent Langley, vice president of San Francisco-based digital consultancy SolutionSet LLC. "It's what every competitor to Amazon wants you to believe. It's just not true."
Why choose Amazon public cloud?
The Cambridge Health Alliance actually chose AWS because of its security features. Steve Carter, senior director of Web development and business analytics at the Massachusetts-based health care system, said he went with Amazon after reading its detailed security whitepaper. He learned that Amazon's data centers' security credentials include the SAS70 Type II and ISO 27001 certifications, which was enough to make him feel comfortable about security.
In the whitepaper, Amazon also advises users to implement their own encryption for data in transit and at rest within its system, a requirement Carter found acceptable. In general, Amazon's security model as detailed in the paper seemed mature, he said.
Special report: Amazon's enterprise image problem
Part 1: Amazon security, compliance worries are still major obstacles
Part 3: More education, integration will boost Amazon adoption
The Cambridge Health Alliance runs three servers on Amazon's Elastic Compute Cloud (EC2): a Microsoft SQL Server instance and an instance hosting REDCap research software, both of which are dedicated to collaborative work, and a third server that hosts its website. Hosting those internally would have required complex configurations to allow access from outside organizations, Carter said. "EC2 has a good firewall setup at the server level, and it was just a far simpler process," he said.
Customer service has also been a pleasant surprise. Amazon says it can take up to 24 hours to return support calls, but Carter said he usually hears back within just a couple of hours. Still, his experiences with the Amazon public cloud haven't dispelled all doubts. When it comes to application performance and true cost savings on a wider array of workloads, the jury's still out, he said.
AWS partners debate perception vs. reality
The perception that the Amazon public cloud is only fit for Web-based startups and test and dev environments stems from early deployments of AWS, which had significant I/O problems between Amazon machine images and storage networks, SolutionSet's Langley said. "Almost all those have been addressed with subsequent releases," he said. "People aren't keeping up."
Fears about compliance with various regulations -- most commonly, the Payment Card Industry Data Security Standard, or PCI DSS, and the Health Insurance Portability and Accountability Act (HIPAA) -- often come up as reasons why enterprises won't use Amazon or other public cloud services. But these days, Amazon and its AWS partners are able to meet most requirements. Amazon even has a whitepaper describing how to set up HIPAA-compliant environments on AWS.
"HIPAA is one of the least difficult certifications we deal with," said Kris Bliesner, CEO of 2nd Watch Inc., a cloud computing consultancy and systems integrator based in Liberty Lake, Wash. Bliesner also has set up PCI DSS-compliant environments on AWS. Amazon is a PCI Level 1 service provider, meaning that it stores, processes and/or transmits more than 300,000 financial transactions annually, according to Amazon's security and compliance website. If customers are willing to sign a nondisclosure agreement with Amazon, they can get more details about its compliance practices, the liabilities it's willing to accept and its certifications, he said.
SolutionSet's Langley's AWS customers include Fortune 500 and even Fortune 50 organizations that are running production workloads on EC2 but are reluctant to speak publicly about their experiences. A Fortune 50 client developed a business intelligence and business analytics application that runs on AWS, and a Fortune 500 client moved its corporate content management system to Amazon's virtual private cloud, he said.