Amazon's Private Cloud: Virtually Private Or Maybe Private? - InformationWeek


Commentary by Charles Babcock, InformationWeek, 8/28/2009 08:28 PM

Amazon, purveyor of the EC2 public cloud, suddenly announced Aug. 26 it's a private cloud supplier. Isn't there something wrong with a multi-tenant, shared resource provider transforming itself into a private cloud service? I'm not sure Amazon can offer a private cloud --yet. Then again, I see no reason why it couldn't sometime in the future.

Amazon announced Wednesday that it's offering an enterprise service oriented toward private cloud use, the Virtual Private Cloud. That means it will make facilities and services available that can be accessed solely by the subscriber over a VPN. No snooping eyes or devices on the network are going to see your private data.

Werner Vogels, in his blog on the subject, says: Amazon Virtual Private Cloud customers will be able to "seamlessly extend their IT infrastructure into the cloud while maintaining the levels of isolation required for their enterprise management tools to do their work."

Companies making use of Amazon to establish their external "private cloud" will access resources over their own routers, which will be configured to go only to IP addresses in a particular company-owned address block. Amazon will set up a Virtual Private Cloud that serves that address block, Vogels explained.

"These resources are fully isolated and can only communicate with other resources in the same Virtual Private Cloud…" he continued.

That may be true, in one sense. But I'm wondering if "isolation" as Vogels uses it means the physical server resources being used are dedicated to the customer's Virtual Private Cloud, or just that network access is isolated by the VPN. Amazon might answer that the isolation provided by the VPN is enough. There may be additional Amazon measures that try to ensure that it is enough. But he's going a long way down the "private" descriptive path if these resources are multi-tenant, perhaps even existing EC2 servers that have been co-assigned the task of supplying the Virtual Private Cloud.

Vogels notes in the blog that Amazon has already spent "$2 billion in developing technologies that could deliver security, reliability and performance at tremendous scale and at low cost."

Fair enough. But does that mean if an intruder succeeded somehow in getting into my Virtual Private Cloud, my data would still be protected, highly sensitive virtual machine operations would be shielded from less sensitive virtual machine operations, and suspicious activity, such as an irregular fund transfer, would stand out as an exception and be reported swiftly by the Virtual Private Cloud's monitoring service?

If the answer is, "If you configure your end right, then no intruder can get in," that's a red flag. To keep my data secure, Virtual Private Cloud security is going to have to amount to more than network isolation. There will need to be intruder protection and virtual firewalls built into each virtual machine that isolate it from traffic with other virtual machines and, in some cases, isolate it from other VMs even though they are inside the same Virtual Private Cloud. More detail needs to emerge on this offering. But I think what we have in Amazon's latest service is not a private cloud as I understand it but a "virtual" private cloud: a private cloud, maybe, one that mostly secures the data but can't do everything the typical chief security officer does inside the data center.
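To make the two layers of "isolation" discussed above concrete, here is an added Terraform sketch. It is not from the column and not from Amazon's 2009 offering; it uses present-day VPC security groups (which the column does not mention) to show the difference between isolating the network from the outside over a VPN and firewalling each VM from its neighbours inside the same VPC. The resource names, the corporate address block and the ports are assumed, constructed values.

```hcl
# Added illustration, not part of the original column or of AWS documentation.
# All names and address blocks below are constructed for the example.

# The company-owned address block that is reachable only over the VPN.
variable "corp_cidr" {
  default = "192.0.2.0/24"   # constructed value (RFC 5737 documentation range)
}

resource "aws_vpc" "vpc" {
  cidr_block = "10.0.0.0/16"   # constructed private address block for the VPC
}

# Layer 1: network isolation. Only the corporate block, arriving over the VPN,
# may reach the management port. This is the "isolation" the column is
# worried might be the whole story.
resource "aws_security_group" "mgmt" {
  name   = "mgmt-from-vpn"
  vpc_id = aws_vpc.vpc.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.corp_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Layer 2: per-VM firewalling inside the VPC. The sensitive tier accepts
# connections only from instances that carry the app-tier group, never from
# arbitrary addresses in 10.0.0.0/16. Two VMs in the same VPC therefore stay
# isolated from each other unless a rule explicitly joins them.
resource "aws_security_group" "app" {
  name   = "app-tier"
  vpc_id = aws_vpc.vpc.id
}

resource "aws_security_group" "sensitive" {
  name   = "sensitive-tier"
  vpc_id = aws_vpc.vpc.id

  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }

  # No egress block: the Terraform AWS provider removes the default allow-all
  # outbound rule from a managed group, so the sensitive tier cannot initiate
  # connections to anything, including other VMs in this VPC.
}
```

The point of the second layer is that a compromised management host or app-tier instance does not automatically get network reach to the sensitive tier just because all three sit inside the same VPC; the reachable paths are the ones the group references spell out, which is also what an auditor can check when asking where the security boundary now sits.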

My questions: Will I remain in full compliance if I mingle use of my most secure, private data between the data center and the Virtual Private Cloud? Where has the security boundary moved to? It used to be at the perimeter of the data center. Is it still there or did it move into the cloud, with the data? Who's now responsible for that boundary, Amazon or me?
