It doesn’t matter if we are talking about SaaS, PaaS or IaaS architectures. Customers have many reasons to not trust the cloud computing solutions that the market offers today and one of them is the lack of security.
Amazon has the oldest, most popular and very likely the largest cloud infrastructure existing today, and thus it must under continuous fire when enterprise customers evaluate its Xen-based Elastic Computing Cloud (EC2).
The company recently announced a series of initiatives to make EC2, S3 and the other Amazon Web Services (AWS) facilities more secure, and to clarify the level of security currently in place:
- Certifications and Accreditations
AWS is actively seeking the appropriate security certifications and accreditations in order to provide our customers with additional confidence in our infrastructure. In addition, we will continue to publish guidance on how AWS enables customers to build applications that are compliant with standards, such as HIPAA. - Physical Security
Amazon has many years of experience in designing, constructing, and operating large-scale data centers. AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical barriers to prevent unauthorized access. - Secure Services
Each of the services within the AWS cloud is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand. For more information about the security capabilities of each service in the AWS cloud, consult the Amazon Web Services: Overview of Security Processes whitepaper. - Data Privacy
AWS enables users to encrypt their personal or business data within the AWS cloud and publishes backup and redundancy procedures for services so that customers can gain greater understanding of how their data flows throughout AWS. For more information on the data privacy and backup procedures for each service in the AWS cloud, consult the Amazon Web Services: Overview of Security Processes whitepaper.
We’ll see if the effort will produce a security compliant cloud computing infrastructure that enterprise customers can trust. Possibly before the end of the next decade.