As you would expect amazon Web Services (AWS) was a significant presence at the recent Cloud Asia Expo that took place in Singapore. DSA took the opportunity to meet with Teresa Carlson (VP AWS Worldwide Public Sector) and Peter Moore (MD APAC AWS Global Public Sector) to understand more about how AWS view the South Asian Cloud market.
We were interested in their experience and views on how concerned South Asian Users are when it comes to data security and data sovereignty on Public Cloud. With both Carlson and Moore focusing on public sector we assumed that their customers would have big concerns in these areas.
Asian IT professionals perhaps more than most are particularly concerned about putting their data into public cloud, we were interested to understand if AWS felt this fear is warranted. Carlson highlighted that for AWS security is something they think about every day. She told us that AWS have a world-class security team with deep intelligence that is dedicated to continually assessing, monitoring and improving security across the AWS portfolio. In her view users ARE concerned about data security and they are right to have that concern, but what she goes on to question is whether there is any justification for being more concerned about the security of AWS cloud than other types of cloud or even on premise IT. She went on to explain that when AWS started selling to government agencies in the US security was always a big concern, as a result AWS has been addressing security since day one.
Moore’s experience in Asia corroborates what Carlson explained. Moore maintains that the security issue is often based more on emotion than on clear technical understanding. As an example in Moore’s experience when people move an application or a server onto AWS they often find immediate improvements in security and general ongoing management. He suggested that many enterprises don’t actually know everything about what is running on premise, but when they move to AWS the tools that are instantly available give them insight that far exceeds what they have in their own data center.
Moore explained that when IT professionals are exposed to AWS Trusted Advisor (a set of optimization tools to improve costs, efficiency reliance and security) they realize that far from relinquishing control of their management and security it is often significantly improved.
Both Moore and Carlson passionately believe that AWS cloud is more than secure enough for almost any application and the issue they face to convince people of this is one of education. They believe that as people understand and then build trusting relationships with AWS that there is no technical reason why AWS would increase security exposure. Carlson pointed out that AWS security accreditations are numerous and meet the highest levels.
When questioned on Hybrid Cloud the AWS confidence in the security of their public cloud offering was even more clear. Carlson took the offensive smiling as she explained that from the AWS perspective hybrid cloud is a way for old school providers to protect margins and market share. We understand her point: cloud and especially public cloud drives down prices and commoditizes what once may have been high value hosted and managed services. For AWS its about meeting the security bar for their customers, and Carlson pointed to many RFPs that called for a Hybrid Cloud model yet AWS still managed to bid and win the opportunities.
Moore expanded further explaining that in his experience the term hybrid cloud is often hijacked by vendors to suit their own technology strengths. Once again he feels it all about education, even though AWS is “public” cloud, he can still offer his customers a Virtual Private Cloud (VPC) with AWS Direct Connect (a dedicated line straight into AWS) and when customers realize this, the lines between what they thought hybrid cloud might be become far more blurred.
When we moved the question to data sovereignty, it was not surprising to find the AWS executives just as bullish. They explained that customers can choose into which region** they want to place their data and Carlson also pointed out that in her view encryption will mean that data sovereignty issues will become less important over time.
We were less convinced by the AWS stance on sovereignty than we were on security. We tend to subscribe to the AWS view that over time as IT professionals become more educated on cloud that security will become increasingly less of an obstacle to cloud adoption than it is today. Conversely we feel that data sovereignty will become a bigger issue, perhaps not driven by the IT team but certainly driven by legal departments. The geographic location of where certain data resides will, in our opinion, become a bigger not smaller issue.
The AWS South Asia Region is based in Singapore. For ASEAN companies this means the most local place their AWS data will be stored is in Singapore. For some this raise sovereignty issues, and until bandwidth for leased lines between countries becomes affordable, the AWS Direct Connect option into AWS may not be viable for companies outside Singapore.
That said we have no doubt that AWS will see explosive growth in this region, their model is both revolutionary and compelling and judging by the passion of the senior executives we spoke to, their appetite to evangelize, inform and educate on the AWS offerings is unquestionable.