AWS continues to round out the core features of its platform, but the cloud vendor's next step may push it further up the stack and into services commonly associated with its on-premises rivals and independent software vendors -- a move that some will question.
Amazon made its name in IT, as it undercut established vendors with quick and cheap access to infrastructure. But what began as a haven for startups is now designed with large corporate customers in mind. And there are indications AWS' enterprise efforts may soon delve into prescriptive tooling and services tailored to vertical markets.
Checking the AWS enterprise boxes
For the most part, what were once gaping holes in AWS' enterprise strategy are now modest gaps, according to industry observers and some of AWS' largest customers. There's greater diversity in instance types and storage options to address more use cases; an expanded breadth of security features, including encryption in transit and at rest; deep integrations with familiar enterprise consultants, such as Accenture and Deloitte, as well as established software vendors, like Salesforce and SAP; and multiple tools to more easily migrate workloads or establish a hybrid architecture, most notably with its first full-scale, on-premises infrastructure service, AWS Outposts, set to go on sale in 2019.
That's not to say AWS has addressed all enterprise demands.
AWS' biggest problem with enterprises today is not technological, but rather its ability to educate those organizations on how its platform differs from their on-premises architecture, said Grant Kirkwood, CTO at Unitas Global, a Los Angeles-based hybrid cloud provider that works with AWS. For example, an enterprise may question the value of S3 because it thinks it needs built-in redundancy, even though it's already baked into the service.
"This is changing, but if you want to suss out the answer to those questions, where do you go to find that out?" Kirkwood said. "It's pretty hard. And, especially with Amazon's 5,000 services, it's easy to get lost."
Also, the vast majority of workloads remain inside corporate data centers, and many of those won't move to the cloud soon -- or ever. Even AWS executives acknowledged there's lots more work to do, saying they received hundreds of feature requests from enterprise customers at re:Invent.
But the conference did provide hints about how AWS will try to appease a class of customer that represents its biggest opportunity for future growth. The cloud vendor made a big effort to make emerging technologies such as AI and serverless frameworks more approachable, but also released more mundane management controls that would appeal to enterprise buyers who don't want to handle everything themselves.
AWS enterprise efforts play a big role at re:Invent
The initial promise of AWS was it would handle much of the monotonous, heavy lifting for customers, so they could focus on what's most important to their business. But, as the cloud vendor continued to add features and functionality to cover the broadest audience possible, it also added complexity in areas such as security, cost control and account management, especially for large organizations with thousands of users.
Three services rolled out at re:Invent are specifically designed to address these issues: AWS Control Tower for automated control of multiaccount environments, AWS Security Hub for centralized compliance controls and AWS Lake Formation to simplify the creation of data lakes.
AWS also added a self-guided service, called the Well-Architected Tool, to track whether an application has been properly built and maintained. And the cloud provider has done more to incorporate AI behind the scenes to help with automation. It began last year with security services, and it continued last month with tools for predictive auto scaling and storage curation that puts data in the appropriate tier, based on cost and access requirements.
T-Mobile has 50,000 employees who interact with its cloud applications, which are primarily on AWS. The company built an open source project, PacBot, to automate security permissions across an account, but these types of updates -- particularly Control Tower -- could provide the deeper control the company requires, said Darron Webb, vice president of IT development at T-Mobile, based in Bellevue, Wash.
"I need the ability to look at things not from the account level, but at the workload or application-team level so I can enforce more granular permissions. And [with the prior AWS] model, it was sort of all or nothing -- you can't really segregate what you need," he said.
But there's still room for more prescriptive guidance to navigate the vast array of services available on the platform and prevent users from being overwhelmed. For example, AWS now has a dozen database services and 24 instance types -- each with multiple sizes.
"I don't think there's going to be a time when there are too many tools, but I do think we absolutely have to help customers use the right tool and figure out how we build abstractions or guidance or capabilities to make it easier for them," said Matt Garman, AWS' vice president of compute services.
Not every user will want or need these native services, but they're the types of upgrades many enterprises have wanted to see for years on AWS. And while all these moves are generally viewed as positives, it's that next step in prescriptive services -- industry verticals --that has some observers split.
Click here to read part two on AWS' move to more prescriptive services.