LAS VEGAS -- Even though Amazon Web Services Senior Vice President Andy Jassy admitted this week that cloud computing security is the No. 1 concern of potential AWS customers, attendees at the company's inaugural re:Invent conference expressed confidence in the security of cloud computing and AWS in particular.
During his keynote address, Jassy used strong words to back up his company's commitment to providing a
"It's our No. 1 priority," Jassy said. "We will drop everything we're working on if we think there's a need to fortify security.
"When people dig into the security of AWS, they come away impressed, but customers also find that their security posture improves when they go to the cloud," Jassy added. "Because of AWS' size and what we do, we have a large, expert security team, much larger than what most companies can have on their own."
Attendees at the show, while perhaps not exuding Jassy's sky-high level of confidence, said that the more they learn about how to ensure secure cloud computing implementations, the more achievable they seem.
"Security is doable in the cloud," said Derrick Burton, a Washington D.C.-based IT director for a consulting firm. However, he said organizations must begin to change the way they perceive security when working in the cloud.
"Today, the only way I can protect [an asset] is to see it, touch it, smell it, taste it," Burton said, but that analogy no longer applies when data and applications move to the cloud, where it's under someone else's physical control.
"In a cloud environment," Burton said, "I think we have to give up some of these senses."
While it's not difficult from an IT standpoint to relinquish some control over infrastructure security, Burton said it requires a different mindset. What helps though, he said, is knowing that Amazon Web Services (AWS) has "more security people than I ever will."
Joe Stevensen, a San Jose, Calif.-based operations security manager for a software company, said he was impressed by the rigor with which AWS manages its security staff. He also appreciated the company's careful strategy for managing direct denial-of-service (DDoS) attacks against its customers, noting that a one-size-fits-all approach doesn't work for all organizations.
Ivan Opalka, a software development engineer with The Robot Co-Op Inc., a Seattle-based startup that has received an investment from Amazon.com, said his organization has been using AWS successfully since its launch several years ago. Even though his company is still small -- just six people -- he said AWS is easy to use and that he doesn't have any concerns about AWS security.
Ian Harris, a U.K.-based software engineer for British Airways, said information at the conference had put his last few security concerns about AWS to rest, namely the processes necessary for effective data encryption, both at rest and in transit.
Harris, whose company has been using AWS for about two years for what he called "tactical and promotional" purposes, said he was impressed with the depth to which AWS seems committed to fulfilling its part of the shared security partnership with customers.
Similarly, Carlos Kuchkovsky, global head of digital platforms for Spanish bank BBVA, said after attending the show he feels better about cloud security, as it's a big issue in his organization. However, while he said his company is deciphering how best to secure a cloud infrastructure, many of his colleagues are interested in how it can help the organization's IT infrastructure operate more efficiently.
Rodrigo Colossi, a systems engineer with Itau Unibanco in Sao Paulo, Brazil, said he has a lot of confidence in AWS security and integrity, and is working to convince his colleagues that it makes sense for the organization.
Colossi said he thinks AWS would help his company handle fraud-prevention data analysis. "We have to process it in a very fast way," he said.
"The cloud in my opinion is very secure and we now have a lot of tools available to us to set it up securely and integrate it with our on-premises systems," Colossi said.