James Staten

Attention enterprises: Amazon Web Services LLC is serious about wanting your business. Over the past 6 months the cloud computing leader has made several enhancements to its services that specifically address the security concerns of enterprise infrastructure & operations (I&O) professionals as well as security & risk professionals. With these moves Amazon is slowly knocking down all the barriers to corporate adoption of the Elastic Compute Cloud (EC2) and Simple Storage Service (S3). These moves are likely to take many corporations from test to deploy.

Its latest moves to provide virtual private LAN connectivity to Amazon Machine Images and support multifactor authentication for administration follow a string of moves that have been demanded by enterprise IT shops. The key moves started early this year with the announcement of reserved instances that put a bit more billing predictability in place and make it more palatable to think about deploying an application on EC2 for the long term (Amazon Web Services (AWS) recently lowered the up-front fee for reserved instances, making the pricing even more attractive). This was followed by greatly enhanced logging and reporting that lets application development managers and I&O pros better understand what’s happening with their applications and proactively act against potential infrastructure issues. It even enhanced the administrative interface, giving users greater control and visibility.

The Virtual Private Cloud (VPC) solution isn’t much more than a souped-up VLAN implementation, but it is one that enterprises will find very easy to use, as the solution is an IPsec VPN gateway that speaks Cisco IOS 12.4 and Juniper OS 9.2. And you can bring your own IP addresses so that applications inside your data center and AMIs at EC2 share the same address space and subnet. You can use your normal management, policy enforcement, intrusion detection and other tools across this VPC as well. You can’t fully integrate your S3 volumes into this VPC (yet), but if you rely heavily on Elastic Block Store this is less of an issue. There may be some latency impacts to this solution, but it’s a great improvement.

[Figure: Amazon VPC architecture diagram]

They can’t do anything about the security risks of multitenancy, as this is fundamental to the solution and key to the economic benefits, but these moves, in combination, make EC2 a much more secure and transparent deployment option than ever before. For many Forrester clients, multitenancy may be a show-stopper for some applications, but don’t reject Infrastructure as a Service (IaaS) compute clouds outright; a lot of non-critical or non-sensitive applications may fit very well on these types of environments and save you significant costs along the way.

Other IaaS clouds have capabilities similar to those just added to EC2. Some provide much deeper reporting, direct control over hardware firewalls and support for different MFA solutions, so you definitely should shop around for the right deployment platform, but EC2 just got a lot more enterprise-friendly.

Forrester recommends clients at least experiment with IaaS clouds today and that I&O publish a policy endorsing the use of these clouds for developer functional testing at a minimum. Now it is much easier to specify exactly how your use of these clouds should be configured to comply with corporate security policies.

By James Staten
