LAS VEGAS – Amazon.com CTO Werner Vogels led the cheerleading effort at the Enterprise Cloud Summit this week calling this "day one" for cloud usage in the enterprise. But despite his upbeat attitude, IT shops voiced some fundamental concerns and were not always comforted by his replies.
Dr. Lennox Superville, the CEO of Infosysarchitecture LLC, said he felt Amazon was "hedging" its infrastructure in case of disaster. "Give me some confidence," he told Vogels at a standing room-only session. Security concerns were top of mind with attendees after last week's two-hour outage at Google. Vogels did not have a direct reply, but assured the crowd that Amazon's investment in data centers and hardware made its cloud very safe.
Vogels went on to say that customers with regulatory and security concerns could get privileged access to AWS workings once they had committed as customers. He cited helping customer TC3 Health to become HIPAA compliant.
Potential customers like Superville will need more concrete re-assurances before they are willing to invest. "People will need to know how they integrate" the delivery, infrastructure and transport layers of the cloud to guarantee security before enterprise adoption is really possible, Superville said. He urged for more white papers to cover the topic and greater transparency.
Amazon has taken steps to address these concerns and just announced the public beta of new features for Elastic Compute Cloud (EC2) including CloudWatch for monitoring Amazon Web Services cloud resources; Auto Scaling for automatically growing and shrinking capacity based on demand, and Elastic Load Balancing for distributing incoming traffic across Amazon EC2 instances. Vogels said they were born out of direct feedback from enterprises looking for greater robustness out of its cloud services. He promised more services like it.
On the economics of the cloud model, Vogels rebutted a recent McKinsey report that showed costs for running EC2 and S3 as higher than average. He said that usage had to be appropriate and that "CIOs perfectly well understand where the cost savings are." He pointed to indycar.com, a website that has high-capacity needs only a few times a year as an appropriate use.
"Flex is the issue," said James Staten, principal analyst at Forrester Research in a session on the downsides of using cloud providers. Look for applications that have peaks and troughs of availability rather than a steady state, and in those peaks, tap into the cloud.
On the subject of interoperability, Werner cautioned against lock-in. "If you use EC2, you don't have to use our storage," he said noting that Amazon is probably "shooting itself in the foot" with this strategy. But he appears to be rigidly against locking in customers and his own engineers. "We cannot have lock-in; our engineers can use whatever they want, to take advantage of the most powerful tools at any given time you cannot have lock-in," he said.
Meanwhile, Bob Parisi, a risk analyst at the Marsh Group had cautionary words on possible legal exposure, noting that current IT insurance products weren't explicit about liability in the cloud. "The technology is clearly outpacing the legal ability" of insurance companies to predict who is liable if a company suffers a disaster while using cloud services, he said.
The day ended with a packed "unConference" called CloudCamp, where a quick straw poll revealed that the majority of the attendees were both new to cloud computing and present to learn more about it.
Questions on cloud standards, risk management, finding alternative providers and how to move applications to the cloud, came up frequently.
Mick Bass, the VP of worldwide alliance management at Ascent Media, a media service provider for large entertainment studios said he hadn't seen anything yet from cloud providers that would allow him to replicate large data sets to locations of his choosing. "We need to move large data sets in and out of the cloud cost-effectively," he said.
Carl Brooks is the Technology Writer for SearchCloudComputing.com. Write to him at firstname.lastname@example.org.
Dig deeper on AWS security