Mark Ryland, chief architect at AWS, says organizations can realize the benefits of the cloud without having to compromise on visibility and control

Today’s hyperscale commercial cloud providers are not only helping organizations to develop more flexible and efficient business models, they are also making huge security investments that would otherwise be difficult to justify, according to Mary Ryland, chief architect at Amazon Web Services (AWS).

Speaking to delegates at last week’s Cyber UK event, Ryland addressed what he called the “five myths” of cloud computing, including the purported risks associated with multi-tenancy infrastructure; the loss of visibility and governance; and that the cloud is only appropriate for less sensitive data.

“We are making huge investments in security,” Ryland stated, drawing attention to a raft of recent developments at AWS, including the Nitro Hypervisor and the horizontally-scaled Key Management Service, which enables the company to handle millions of encryption requests per second.

“We make many other investments that would be very difficult for our customers to justify, but very easy to justify at the size of our business,” he said.

Splendid isolation

Addressing the fears surrounding the potential risks of multi-tenancy, cloud-based infrastructure, Ryland said: “Our fundamental business is built on providing isolation and control for our customers over their environments.

“In a virtual machine environment, people are concerned about running on the same physical node as another customer, so for years we have offered a feature called Dedicated Instances where we guarantee you will be the only customer on that particular node.

Ryland added: “Recently we even launched Bare Metal EC2 Instances. These are full EC2 instances but there’s no virtualization on that Intel processor – you own the entire node. All of those capabilities give you that increased isolation and control.

“We don’t really have a business unless what you deploy is fundamentally separated from what everyone else deploys, unless you choose to make it open. It’s your choice, but by default things are locked down.”

Mission control

According to Ryland, AWS has been working with its customers to ensure that enterprises are able to migrate to a cloud environment without having to relinquish central governance, control, or visibility.

“For example, you can set up frameworks where the central team will provision accounts, create the basic network architecture, some central logging and auditing, and some security controls that are essentially immutable, and then hand off those environments to the teams that build the applications,” he said.

“This is really a great way to have both things you want.”

Trusting the cloud

It’s now been over a decade since AWS launched its EC2 platform and S3 web storage service. And although cloud computing is still a relatively new phenomenon, the sector continues to evolve at a rapid pace.

Ryland maintained that security is central to AWS’ latest developments, but he acknowledged that many enterprises still view the cloud to be appropriate only for less sensitive data.

“I think this is a reasonable starting point,” he said. “Cloud is a new environment. Your technical teams, your governance teams, and your compliance teams will have to get accustomed to this new world.

“I wouldn’t recommend you start with highly sensitive data. Cloud is not a panacea, but it is helping you to build more secure systems. It greatly reduces the surface area that you need to be concerned about to a much more core set of application security issues.

“But as you use the systems, as you dig in… what I believe you will find is that you are very comfortable beginning to move your sensitive workloads to the cloud.

“And we see this happening again and again with lots of customers – from government agencies to large financial institutions.”

Ryland added: “When you have these highly dynamic environments, where we are literally doing software deployments hundreds of a day, the flexibility and the energy and the power of that platform means that we can deal with security issues super efficiently.”