Two recent events shed light on the challenges Amazon Web Services (AWS) is going to face in attempting to serve the enterprise market. CIOs all over the world realize that for certain workloads, the cloud is just perfect. But when CIOs look at the crown jewel systems where they spend the bulk of their money, at the systems that would cause them to be fired for a failure, the fit with AWS doesn’t seem so good.
The questions I’ve been trying to get a handle on are:
- When if ever will large companies move their crown jewel systems to AWS?
- What will other cloud providers have to do to host the crown jewels?
The two events that shed light on this are the implosion of CodeSpaces due to a hack of their AWS hosted site and the announcement of a private AWS cloud for the national security community.
CodeSpaces Shows How AWS Is a Different World
CodeSpaces is a company that went out of business after hackers took control of the company’s AWS infrastructure, attempted extortion, and then destroyed its data, as reported in The Register.
This is a cautionary tale not because CodeSpaces was hacked, something that happens all the time to the on-premise infrastructure. The incident highlights how AWS lives in a different world. For the past 25 years, IT departments have systematically implemented capabilities for security, operational management, disaster recovery, compliance, data protection and so forth. These systems are vital to ensuring an application can truly support a business no matter what happens.
This incident highlights an important execution problem for self-service public clouds: the fact that security and compliance is only as good as the system you design yourselves and the tools that you actually know about and implement. Building a secure cloud requires highly skilled IT staff trained to provide a strong defense, to safely manage role-based access, and to implement battle tested incident response strategies in a new way. Not every organization has such staff.
For a vast majority of cloud users, it will be better to have a specialist cloud provider take responsibility for the security and compliance of the cloud – especially for critical applications and software.
Could AWS Create a Private Enterprise Cloud?
The announcement of the intelligence community cloud originally specified in the Intelligence Community Information Technology Enterprise plan (see “The Details About the CIA's Deal With Amazon”) marks an important moment in the history of cloud computing. In effect, the intelligence community is saying that cloud computing can meet the highest standards for security.
What is interesting to me is that the buzz about this story has rarely touched on an important point. The computing in the intelligence community is vastly different from the types of workloads handled by the crown jewel systems in large companies. If you have a workforce of tens of thousands of people, if you have a factory that won’t operate if you can’t finish the MRP run or if your MES system isn’t working, downtime is incredibly expensive. That’s why the CIO gets fired for such downtime.
The IC cloud will not be running crown jewel systems. The CIA and other security agencies are massive creators of batch workloads. (Government sponsored hackers from all over the world have targeted AWS for quite a while to get at these workloads. Now they can all go after the IC cloud.)
As I pointed out in “Jeff Bezos Chose the Wrong Forcing Function for Amazon Web Services,” AWS has yet to create a cloud that can handle crown jewel systems. The reason is that most crown jewel systems were created assuming they would run on reliable components. The applications were not created to support the kind of variation in performance and reliability that is built into the AWS model. Amazon is starting to address some reliability problems with Provisioned IOPS Storage, but that is a long way from being able to support the crown jewels.
Don’t believe me? Then check out the details of the case studies on the AWS site about companies using SAP on AWS. The crown jewels aren’t moving to AWS. A close read of the Galata Chemicals and the Viskase case studies shows that only the disaster recovery instances moved to AWS. The LIONSGATE case study is about moving test and dev of SAP applications to AWS. The one case study that is arguably a crown jewel system describes how Macmillan India moved from an on-premise infrastructure that was down 10 percent of the time to an AWS infrastructure that achieved less than 1 percent downtime. This is a victory for a small company, but where are the large company examples?
The fact is that until Amazon provides more support for enterprise quality apps and enterprises learn how to manage AWS as safely as on-premise systems, the crown jewel apps won’t move there.
What Clouds Can Handle the Crown Jewels?
That is not to say that crown jewel apps have to stay on premise. Rackspace has made a fortune by offering data centers that are off-premise but run in a similar manner to on-premise systems. While such managed hosting infrastructure does offload a boatload of IT skills, it doesn’t offer the same capabilities as the cloud with respect to flexibility, automation, and on-demand access to computing resources.
Crown jewel migrations are occurring to clouds that were created to handle enterprise standards. These clouds are constructed to have the kinds of reliable components that the current generation of legacy applications relies on. They have been designed (both software and hardware) for the needs for enterprise quality security, disaster recovery, and compliance. They also have different pricing models. For example, in AWS, you pay for resources you have allocated. In Virtustream’s cloud, you pay for the computing time you use.
Virtustream is focusing on crown jewel migrations. Domino Sugar, for example, moved its corporate computing infrastructure to Virtustream’s cloud.
IBM SoftLayer is seeking to support crown jewel migrations by allowing the same APIs for cloud computing management to be provisioned either with shared resources or on dedicated hardware.
The current situation sets up a race. Will the enterprise-grade cloud providers be able to attract the crown jewels and show their superiority before AWS offers an infrastructure that can support the crown jewels? That’s the question I'm watching.
Follow Dan Woods on Twitter:
Dan Woods is CTO and editor of CITO Research, a publication where early adopters find technology that matters. For more stories like this one visit www.CITOResearch.com. Dan has done research for SAP, Virtustream, Rackspace, Piston Computing, and other providers of cloud technology.
