Attention enterprises — Amazon Web Services LLC is serious about wanting your business. Over the past 6 months the cloud computing leader has made several enhancements to its services that specifically address the security concerns of enterprise infrastructure & operations (I&O) professionals as well as security & risk professionals. With these moves Amazon is slowly knocking down all the barriers to corporate adoption of the Elastic Compute Cloud (EC2) and Simple Storage Service (S3). These moves are likely to take many corporations from test to deploy.
Its latest moves, providing virtual private LAN connectivity to Amazon Machine Images and supporting multifactor authentication for administration, follow a string of changes that enterprise IT shops have demanded. The key moves started early this year with the announcement of reserved instances, which put a bit more billing predictability in place and make it more palatable to think about deploying an application on EC2 for the long term. (Amazon Web Services (AWS) recently lowered the up-front fee for reserved instances, making the pricing even more attractive.) This was followed by greatly enhanced logging and reporting that lets application development managers and I&O pros better understand what’s happening with their applications and proactively act against potential infrastructure issues. Amazon even enhanced the administrative interface, giving users greater control and visibility.
The Virtual Private Cloud (VPC) solution isn’t much more than a souped-up VLAN implementation, but it is one that enterprises will find very easy to use, as the solution is an IPsec VPN gateway that speaks Cisco IOS 12.4 and Juniper OS 9.2. You can also bring your own IP addresses so that applications inside your data center and AMIs at EC2 share the same address space and subnet. You can use your normal management, policy enforcement, intrusion detection and other tools across this VPC as well. You can’t fully integrate your S3 volumes into this VPC (yet), but if you rely heavily on Elastic Block Store this is less of an issue. There may be some latency impacts to this solution, but it’s a great improvement.
Amazon can’t do anything about the security risks of multitenancy as this is fundamental to the solution — and key to the economic benefits — but these moves, in combination, make EC2 a much more secure and transparent deployment option than ever before. For many Forrester clients, multitenancy may be a show-stopper for some applications, but don’t reject Infrastructure as a Service (IaaS) compute clouds outright — a lot of non-critical or non-sensitive applications may fit very well on these types of environments and save you significant costs along the way.
Other IaaS clouds have capabilities similar to those just added to EC2. Some provide much deeper reporting, direct control over hardware firewalls and support for different MFA solutions, so you definitely should shop around for the right deployment platform, but EC2 just got a lot more enterprise friendly.
Forrester recommends clients at least experiment with IaaS clouds today and that I&O publish a policy endorsing the use of these clouds for developer functional testing at a minimum. Now it is much easier to specify exactly how your use of these clouds should be configured to comply with corporate security policies.