AWS lands in Germany, targets security-sensitive customers
Amazon has announced the launch of AWS in Germany, the second European location launched by the cloud incumbent and the 11th globally. Senior vice president Andy Jassy said the move will bolster the service’s reach in Europe as it looks to broaden its appeal to more regulated sectors.
The two availability zones, located in Frankfurt, are connected via low-latency fibre, are certified to ISO 27001, SOC 1 (Formerly SAS 70), and PCI DSS Level 1 among others, and comply with EU data protection legislation. The company has also published a series of materials covering how customers and ISVs using the platform can conform to local (BSI IT Grundschutz) and EU data privacy legislation.
“Our European business continues to grow dramatically,” said Jassy. “By opening a second European region, and situating it in Germany, we’re enabling German customers to move more workloads to AWS, allowing European customers to architect across multiple EU regions, and better balancing our substantial European growth.”
Jassy said that a number of German customers are already using the platform, such as German insurance firm Talanx, which claims to be saving €8m annually in infrastructure costs and reducing calculation times by 75 per cent when running its Solvency II model simulations on AWS (simulations relating to the amount of capital an insurer must have in order to reduce the risk of insolvency).
Out of all the European countries Germany has some of the toughest data privacy and data residency requirements. And since Edward Snowden’s NSA-related revelations last year a number of German customers (and service providers) have cut ties with US-based cloud providers for fear that their data may be subject to government snooping. The revelations have strained the relationship between the German and US governments.
But Jassy explained that security and privacy actually improves with AWS: “We have such a large team that we employ for security, so they get all of the benefits that come with that,” he said, adding that the platform also offers a range of encryption and private network services.
“If you talk to CIOs… over time server sprawl happens, and they’re always worried about who may have a server and doing something malicious with them. But you don’t have that problem with AWS, you have a single API that you can call that will give you instant visibility to all of your instances.”
On the NSA issue, Jassy said that if enterprises encrypt data and hold the keys, “this is a non-issue.”
“But if any government asks for customer content from AWS, we don’t respond unless it’s a court-ordered, legally binding request. And in the odd case we get a legally binding request, we assess whether it’s overreaching or not – because we often challenge if that’s the case… and if it’s legally binding and doesn’t overreach, we give the customer notice to the extent legally afforded.”
“This is a topic that’s really interesting to talk about, but in practice it hasn’t really affected our customers at all,” he said.
Amazon is still leading the pack as one of the largest infrastructure as a service providers in the world. According to Skyhigh’s most recent cloud adoption and risk report, which includes actual user data from roughly 1.4 million users, it’s still the top IaaS platform today despite how aggressively other incumbents (Microsoft, IBM, VMware and Google among others) have targeted the public cloud market in recent years.
Jassy said that most of these companies – particularly the large technology companies – can’t compete with Amazon because they don’t have the breadth and ecosystem AWS has (350 services launched on AWS this year so far), and because they are “too busy pushing the private cloud option.”
“They’re pushing private cloud because it’s not all that different from their existing operating model. But now people are voting with their workloads… It remains to see how quickly [these companies] will change, because you can’t simply change your operating model overnight.”