KUALA LUMPUR, May 5 — The cloud computing paradigm shift is an undeniable and unstoppable force driven by the competitive needs of businesses and while there are still some impediments that stand in the way of full adoption, its acceptance will eventually happen, says the top executive of a major cloud player.
Dr Werner Vogels, chief technology officer of Amazon Web Services (AWS) Inc, says companies – both big and small – can no longer afford to consider the cloud as a ‘nice to have,’ and those that do will stand to lose out in a big way.
Speaking to Digital News Asia (DNA) in an exclusive interview, Vogels says cloud computing is now a ‘need to have’ as it’s unlike any other technology evolution that the world has seen in the past five decades of computing.
“If cloud computing were like the next tech step of computing – like how we went from mainframe to mini computers to client-server, to PC, and the Web – it wouldn’t be a big deal.
“But because the cloud has a huge impact on businesses like eliminating capital expenditure (capex), lowering operational expenditure (opex), and taking away the complexity of data centre management while enabling customers to go global in minutes, the cloud is able to drive success, and success is so seductive,” he says.
AWS is an independently-run cloud service provider owned by e-commerce giant Amazon.com. AWS began offering IT infrastructure service over the web in 2006, which now include storage, compute and networking services. The company counts amongst its customers small and big companies such as Pfizer, Netflix, Pinterest, NASA, Comcast, to name a few.
Meanwhile, cloud computing has been touted in the past few years as a new way of delivering software and IT services in today’s broadband-enabled world.
The benefits of the cloud are quite clear for businesses. By having applications installed in data centres instead of being ‘on premise,’ companies would not have to individually install software locally on personal computers, laptops, or even on tablets.
Data stored on central servers means it is more secure and is centralised for all to access. Organisations also do not need to worry about software upgrade cycles and users can access all of their applications via the browser.
Financially speaking, companies are able to move their IT spending from a capital to an operational expenditure model because they are consuming IT as a service and not buying hardware as assets. This means IT budgets could become much more efficiently used.
But despite some of these obvious advantages, some industries are still grappling with where data is being stored on the cloud, especially when they use the public cloud provided by third-party service providers – such as AWS – that have many clients sharing a common data centre.
In fact, a recent survey commissioned by data centre player NTT Communications suggests that businesses are concerned about where their data is stored and are acting decisively to protect their data by keeping it where they know it will be safe.
The study was completed in March 2014 and follows startling revelations made by Edward Snowden, a former Central Intelligence Agency (CIA) contractor, last year who began revealing astounding details about what the US and UK governments were doing behind closed doors.
This included the massive extent to which the US National Security Agency (NSA) and its British counterpart the Government Communications Headquarters (GCHQ) collected phone and Internet data from citizens. The spying went as far as listening in on German Chancellor Angela Merkel's cellphone.
The NTT sponsored report notes that a big proportion of ICT decision-makers in large companies in France, Germany, Hong Kong, the United States and Britain may even delay cloud computing projects that could deliver them much-needed flexibility and performance gains.
The survey states that in no uncertain terms, ICT decision-makers really want the best of both worlds – the guarantee of the sovereignty, security and privacy of their data and yet reap the benefits of cloud computing. “But they can only do so if they can specify exactly where and how their data is stored in the cloud,” the summary of the report notes.
Security, privacy is paramount
When asked if the conclusions from the NTT Communication’s report were in line with what AWS had been experiencing from their customers, Vogels declines to comment on the specifics of the study, noting only that AWS has not yet seen any impact to its cloud computing business.
“Regardless of the [Edward] Snowden revelations, AWS has always treated privacy and security as the most important element in our business. [To date] we’ve not seen any [negative] impact on our business.
Vogels also unequivocally denied AWS had in the past been a part of the alleged listening in of governments through a project called PRISM.
First revealed in June last year, PRISM is understood to be a clandestine national security electronic surveillance programme administered by the US National Security Agency since 2007.
The revelations were part of a systematic series of disclosures released by Snowden to two media giants; Britain’s Guardian newspapers and US-based The Washington Post.
“We’ve never been part of the PRISM surveillance programme,” stresses Vogel. “This means that AWS has never received a request from the FISA (Financial Intelligence Surveillance Court),” he says, adding this also implies that AWS has never divulged any of its customer information in any form to anyone.
Besides distancing itself from PRISM, Vogels also took great pains to explain that AWS is committed to privacy and security and will not move its customers’ data from the regions it resides in.
The technology head honcho for AWS reveals that the cloud player has a total of 10 regions where its data centre resides in; four in the United States, one in Europe, one in Brazil and four – Tokyo, Beijing, Singapore, Sydney – in Asia.
“Each of these regions have cluster zones and we have well over 25 availability zones, which our customers can choose from. But wherever our customers’ data is, it will not be moved, unless the customers want it.”
To further strengthen its compliance and commitment to data privacy and sovereignty, Vogels says that AWS also periodically advises its customers on relevant compliance issues such as new legislations, which are introduced from time to time.
An example of this can be found in how AWS has introduced guidelines for customers in Malaysia as the Personal Data Protection Act (PDPA) 2010 came into force this year.
Quizzed further on he thought of the recent revelation of the Heartbleed bug which blindsided the information security world – a recently discovered flaw in the OpenSSL cryptographic library that could allow hackers to steal information which is normally otherwise protected – Vogels remains philosophical about it, noting that “software bugs are nothing new” and that the cloud has a significant advantage when faced with such a scenario.
“I think everyone was caught by surprise [by Heartbleed],” he says. “Bugs are there and a fact of life forever for software and they are nothing new, and we have to live with them. In fact, my argument is that in the traditional IT world, you have to fix all the bugs first before rolling them out your product to all your customers.
“In cloud computing, it’s a ‘one bug, one fix’ scenario. In the case of Heartbleed, we could immediately investigate where the services were affected or not affected, and we cloud could apply fixes to that.
“This means that when we patched the flaw, all our customers running on our platform are protected. For those customers that were running SSL by themselves, we contacted our customers, with suggestions on to how to fix it.”
Vogels claims that a cloud player such as Amazon has deeper insights to security as they invest heavily on IT security.
“We absolutely cannot do business on the Internet without security and privacy as a number one priority [in today’s world],” he emphasises. “That is why we invest heavily in security and protection of our customers’ data.”
While acknowledging that security, data sovereignty and privacy are important issues to deal with, Vogels believes that a greater impediment to the cloud comes from within the enterprises themselves.
The AWS executive says that the real impediment to the cloud lies not in that enterprises and their respective management do not believe in the cloud proposition, but rather in traditional change management.
“Every change made by any business has an impact to that business,” he explains. “For instance, there will be new processes and procedures introduced and people will need to approach things differently.
“And when new things impact the business, there is a need to find the right advocates within the organisation to champion these changes. This is what traditional change management needs to overcome with regard to the cloud.”
Vogels says that within any organisation, these champions are the ones that usually want to innovate and move quickly but find that it isn’t able to support their vision.
Based on AWS’ experience, he says customers have told him that they need to be more agile in their businesses because there is a need to be more competitive in the global marketplace.
“Moving faster is key in today’s environment because the increasing consumer choice today creates uncertainty in whether a company’s products are able to succeed or not.
“And in a world where things are very uncertain, you need very different resource models. You can no longer have long-term commitments to service providers or [IT departments] but you have to be agile in acquiring resources on demand and releasing resources that you no longer need, while only paying for what you use.
“Cloud computing allows you to do all this. And while most customers tell us they love the lower costs [of the cloud model], the real reason for their interest is that they are able to move much faster [with the cloud],” says Vogels, adding that main area which would help save cost is in the test and development.
Asked what his advice was for companies considering the cloud, Vogels suggests that they start small.
“Start small and not take on a big IT project when moving to the cloud. This enables you to ‘get your hands dirty.’ The cool thing about the cloud is that you can do this easily and take the next two years to ramp up and see what cloud computing is about without having a long-term contract,” he adds.
Small steps are best
According to Steve Hodgkinson (picture), research director at Ovum Asia Pacific, the best practices for any enterprise embarking on adopting the cloud should be the same practices as for any IT procurement, that is to build the right skills to be an intelligent buyer, conduct proper due diligence and always have a tested plan B.
Hodgkinson says companies need to be honest with themselves about the quality, sustainability and affordability of their existing approach to IT and then evaluate the benefit/risk trade-offs of cloud services.
“Too many companies are fearful/ sceptical about the theoretical risks of cloud services while being complacent about the clear and present dangers of the status quo,” he says.
Hodgkinson argues that it is really a matter of gaining skills and experience progressively for those wanting to adopt the cloud.
He says most companies are seeking to start with relatively low risk applications and workloads first in order to test out the model and the vendors.
“Suncorp [one of the largest banks in Australia] is at the leading edge of cloud services adoption, planning to migrate around half of its application to cloud services this year – having tested the approach for the past several years with a range of private and public cloud arrangements," Hodgkinson adds.
Asked what more must be done to advance cloud computing especially in conservative industries such as the financial services, he says it’s all about building trust.
“Think of it like learning to drive a car. It is dangerous to drive while looking in the rear vision mirror but at the same time, it’s also dangerous to drive too slowly. The best approach is to develop defensive driving skills, which can only be done ‘hands-on.”
The Ovum analyst says companies need to get hands-on with cloud services in order to learn the skills to be an intelligent customer in a fast moving global digital services market.
Concuring with AWS' Vogels, Hodgkinson recommends that they start small and work out what works and do more of it or work out what doesn’t work and do less of it and that companies need to try cloud services safely to build experience and skills.
“Vendors need to live and die by ‘cloudy is as cloudy does’ – there is no space in cloud services for vapourware,” he argues. “Vendors must ensure that they invest ahead of the demand curve in order to actually have the cloud services on tap that they are selling.” — Digital News Asia
This story was first published here.
