Amazon Web Services this morning announced it has launched a new region, this time in Germany, and the company worked hard to assure European businesses that its services are totally secure, even from U.S. government snooping.
The new data centers are in Frankfurt and run on carbon neutral power said Andy Jassy, during a Web cast this morning. The service includes multiple availability zones.
While AWS already has a European data center, in Ireland, expanding into a new region is a bit of a risk because of the distrust Europeans have in the wake of the NSA spying revelations. There was a major backlash in Europe after details of the spying emerged. Some analysts made grand predictions about how much U.S. cloud providers stood to lose, as European enterprises would decide to take their business elsewhere.
During the call, Jassy walked through AWS’s security policies. “Security is a first priority for AWS. We drop everything if we think we need to do anything to strengthen it,” he said. Policies start with physical access control and include controls that allow users to set policies around who can access which AWS functions in which scenarios, he said.
He mentioned that AWS tools can help prevent workers from spinning up instances without IT knowing about them because administrators can track who makes which actions. However, that tool is only useful when workers log in using a corporate account. Users can easily plop down their own or a corporate credit card to access AWS resources.
But the real issue that European businesses will be interested in is how AWS protects their data from U.S. government agencies. The best tool businesses can use, Jassy said, is to encrypt their data and hold the encryption key themselves. “If you do this, it’s a non-issue,” he said.
Time will tell if that’s enough to satisfy European companies. It’s possible that businesses will think that AWS retains some way – knowingly or not – of keeping those keys so that U.S. government snoops can access their data.
Jassy further explained that if any government asks AWS for customer data, the company doesn’t respond unless it’s a legally binding request. In the “odd cases” where it gets such a request, AWS makes sure the request isn’t overreaching or inaccurate and he said the company “aggressively” challenges overreaching request. If the request holds, AWS tells customers about it “where law permits,” so that they have the opportunity to challenge the request on their own.
However, one reason for the uproar about the revelation that the U.S. was spying on people and companies around the world was it was just that – a revelation. Companies were unaware of the practice. In some cases, that’s because in some cases the government requires service providers not to tell customers about the handover of their data.
Still, Jassy downplayed concerns. “It’s interesting to talk about but in practice it hasn’t impacted customers. You can ask our customers. It’s not something people in our platform have had to deal with,” he said.
Jassy named several large European companies in potentially sensitive industries like insurance, railway ticketing, banking and telecom that are already using AWS.
Featured image via Flickr Creative Commons