Despite the challenges facing U.S.-based cloud service providers in Europe, Amazon Web Services has plans to conquer the continent -- one local data center at a time.
While some industry watchers think concerns about the U.S. National Security Agency (NSA) will fade in most of Europe, Germany is an exception. Its laws against personally identifiable information leaving the country are strongest among European Union (EU) countries and its reaction to the Snowden revelations about the NSA's PRISM surveillance program have been among the strongest.
With data localization pressures mounting, one cloud consultant with international clients said Amazon Web Services (AWS) may need to build a data center in Germany to win business there.
"The Germans are pretty specific about [personally identifiable information] for their citizens not leaving Germany," said Kris Bliesner, CEO of 2nd Watch, a cloud computing consultancy and systems integrator in Seattle.
Christopher Soghoianprincipal technologist for the ACLU
AWS plans to open a data center in Frankfurt, Germany, according to published reports. AWS would not provide comment on record about their data center plans.
In addition to opening a new data center, Amazon might deepen its partnerships with developing local cloud service providers in Germany and other EU countries. There's precedent for this in AWS' relationship with Datapipe Inc. in China, for example.
These local cloud service providers are here to stay, having sprung up even after AWS made its presence felt in Europe with its first data center in Dublin, Ireland, said Rory Duncan, research director for European services for the 451 Research, based in New York.
Duncan expects AWS to partner with smaller companies to offer Direct Connect access to AWS data centers so that storage can remain local, in a hybrid configuration.
"Going forward I expect there to be some kind of co-existence between Amazon and regional firms," Duncan said.
AWS encryption is key, local data center or not
No matter where AWS' data centers are located, IT pros must do what they can to secure data in the cloud.
"We make sure that we partition, isolate and classify our data … and then we put the right level of controls around that, irrespective of Amazon's coverage of that data," said Jim O'Neill, CIO for Hubspot Inc., a marketing software as a service company based in Cambridge, Massachusetts.
This reflects other public statements by AWS CTO Werner Vogels last month, which also emphasized the need for strong encryption regardless of where data is stored, as well as the testimony of Christopher Soghoian, principal technologist for the American Civil Liberties Union (ACLU), before German Parliament on June 26.
"Keeping data in Germany will not keep the NSA's legion of cyber-warriors out," Soghoian said. "Rather than focusing on where the data is kept, you should be focusing your attention on the need to encrypt data."
Still, AWS controls the keys to encryption for services such as the Elastic Block Store, not users, with the recent and notable exception of the Simple Storage Service. And while AWS participates in safe harbor programs and commits to keeping data out of selected AWS Regions as part of its Customer Agreement, the company can be elusive. Especially on contracts that guarantee data won't leave a certain country within a certain region, or exactly how data is backed up for disaster recovery within regions.
"They aren't very forthcoming about what they're doing, what [data] is backed up and what's not backed up and where," Bliesner said. "I would just like them to be more crystal clear with customers around what's actually going to happen with their data."