Amazon WorkSpaces (amazon.com)
484 points by jamesjyu on Nov 13, 2013 | 270 comments


Sigh, grumpy German privacy data protection consultant here.

Can't be used in G. for the same reasons MS Office 365 is off limits, sensitive personal and business data don't belong in non-German-hosted clouds.

One part of me wants that easy carefree cloud life, the other part doesn't want to feed the US-overlord anymore with our precious information.


Don't place your precious information in the cloud. NSA or no NSA, was it ever a good idea to store your deepest secrets inside of a nebulous black box that you don't control? What sane person would do this in real life?


Because money?

The price differential between buying the hw/sw & staffing a professional (or team of professionals) to curate and maintain it 24/7/365, or simply off-loading it all to an outside party, could be huge -- I'd dare say huge enough to make or break a company. From an executive POV, why care about data safety, when hosting it yourself makes your business model non-viable?

I realize there are lots of problems with this line of thinking, and I'm not advocating it at all, but I'm willing to bet this has been the case for some.


The vast majority of data, business as well as personal, does not require this level of security. For the remaining 1%, these sorts of measures are worth it.


Exactly, the more efficient solution is having a government you can trust.


For some values of "efficient".

Building a government you can trust will take several generations, with each generation providing hundreds of thousands ENTIRE LIVES to the cause. It might be efficient in the grand scheme of things, but from an individual or even corporative point of view, it's terribly inefficient in any timeframe you might consider.


Well, and one the Germans can trust too, unless the Internet is artificially split back up across political boundaries :P


One of the local bike shop owners has 18 shops in two states and does well over $3 million dollars in revenue every year.

They use custom Apple/Mac software for all their POS equipment. You know how many people run an IT department that is in charge of that much equipment, people, inventory and software?

TWO.


Less than fifty seats with two resources?

Scale that up to five thousand seats. Five thousand seats is big? Not really.

Every day a piece of hardware dies. Every month someone rolls out a new software package. There are many different user profiles, accounting, sales, warehouse, IT, marketing, executive. Then there's that one guy that needs that program that only runs on XP SP1....

Every IT department has to justify its cost per user. Once you get above 1K seats, a lot of things that seem like overkill start to make sense really quickly.

All Amazon is offering is a managed version of what larger companies have been doing internally for years. Just like their server business, it seems expensive until you actually work out how much it would cost to do it yourself.


Just because two can, doesn't mean two can do it well. It takes just one curious or nefarious person to crack the veil. Bike shops just aren't highly visible or obvious targets when weighed against other potential marks.


It's also another example of economies of scale working even if only on a smaller scale than a cloud. The guy has 18 bike shops. That's quite a few. If you have 18 bike shops I really would hope that you'd have somebody running IT for you. Still, it takes 18 bike stores and revenue north of 3 million dollars to power two IT guys. The cloud makes sense for folks that operate on a smaller scale than that, or just don't have access to those resources wherever they're doing their jobs.


Quite right, people do the best they can with what they have available. The promise of the cloud raising the bar on what smaller operations can deploy both in terms of sophistication and scalability vs price to play is certainly a strong factor in its appeal.


Your nebulous black box is also not a safe place if someone really wants to get it.


Couldn't agree more. Something you control is only safer if you do a better job at controlling it than the other service would control it for you.


Why do you store your money with an external organisation that you don't control?

Because they offer better security than I can build in to my own home (at least not without significant effort) and they offer guarantees should my money go missing under many (but not all) circumstances (for example, the savings guarantee if a UK bank goes bust).

Do cloud providers offer the same? The guarantees may vary dependent upon service contracts (uptime, backups etc), but the idea that their data-centre was better secured than my company server-room was supposedly a given (at least for most small to medium organisations).

EDIT: added qualification to last sentence


Money is fungible. What is the equivalent of deposit insurance on my deepest, darkest secrets? This does not seem like a good analogy.


It's the same trade-off though - how much security can I provide versus how much security can they provide?

The insurance is just an incentive to keep my stuff safe (and in the case of savings guarantees, an incentive to keep consumer-facing banks from going bust).


> your deepest secrets inside of a nebulous black box that you don't control

If you have a secret, why would you even store it on the Internet? If you are worrying about conversations with your friends, that kind of privacy, don't log it. If you can't trust Google/Skype, you have to find your own solution.

For me, I got a lot of cat photos and I don't know what NSA could do with my cat photos.


I think most of us are using deposit services for most valuable items & data. It's certainly safer than an el cheapo safe at home.


Uh, banks made a whole business out of this in real life.


Legally or due to your privacy concerns? Just looking for clarification on your statement of "Can't" if that is a personal preference or legal obligation for government/corporations doing business locally.


There is a general, Europe-wide restriction on exporting personal data outside of the EEA to somewhere that doesn't provide an acceptable level of protection (which by default the United States does not).

There is also a Safe Harbor scheme that is intended to overcome this problem so working with US businesses is still possible if they provide additional safeguards. However, it's now clear that no business operating in the United States can actually offer the required guarantees, no matter how sincerely they might wish to. It is therefore unclear whether a European business relying on Safe Harbor to cover its rear would actually have much of a case in court if one of its customers were actually damaged as a result.

I've seen a lot of businesses at least considering pulling out of US services, cloud or otherwise, for this reason in recent months. Some are sticking with it, on the grounds that there is safety in numbers: no government regulator really wants to damage global trade by making examples of businesses who are just trying to do their work and acting in good faith, and if you're dealing with a similarly honest business from the US then the odds of an actual customer complaint are probably low enough that it might be considered an acceptable business risk. Others seem to have lawyers who are more wary and fear the penalties of something like a mass leak across the pond that would come back to bite their clients back home.

In addition, some nations in Europe are a lot more concerned about privacy both legally and culturally than the US, for obvious historical reasons if nothing else, and they may have stronger laws still.


> There is also a Safe Harbor scheme that is intended to overcome this problem so working with US businesses is still possible if they provide additional safeguards. However, it's now clear that no business operating in the United States can actually offer the required guarantees, no matter how sincerely they might wish to.

Can you provide more data on that?

I'm 'only' a system administrator, but I'm working for a company that is doing business in both the US and UK.

Real Soon now we're going to be standing up a stack in the UK .. but I'd like to know what safeguards I can't guarantee so when I'm dealing with _two_ data sets and _two_ code bases and squared complexity I know _why_.

It will help at 3 a.m.


> Can you provide more data on that?

I don't know anything special that hasn't been all over the news anyway.

Basically, the US government seems to be actively trying to compromise data held by US businesses on non-US citizens. That same US government has made it clear in public statements from the highest levels that they don't consider foreigners to have any privacy rights at all that should prevent this.

Given that this all happens in secret, any promise made by any business operating in the US that they will safeguard personal data of non-US citizens to the standards required by European law is now known to be worthless, even if it was made with complete sincerity.

This is now common knowledge, and anyone controlling personal data in Europe would have to take it into consideration when applying the general data protection principles. In other words, any legal cover afforded by the Safe Harbor scheme may not be worth anything any more. (In case your question was intended to be about the Safe Harbor programme itself: This was created so that US businesses can be used to process personal data from Europe, as long as the US business promises to uphold similar data protection standards to those required by law of European businesses.)

So the bottom line is that as a European business, if you don't have adequate disclosure when you collect any personal information that basically says it might be exported to somewhere without any safeguards on how it's used, and you don't get prior informed consent from everyone whose personal data you are dealing with, you might be on the hook legally for regulatory non-compliance as well as for any actual damages that result from any breach. Whether it's possible to give prior informed consent to a carte blanche handling of the data is itself debatable.

(Just to be clear, my comments in this thread are based on the perception of the current situation as I have encountered it anecdotally in a few cases. Some of the people I've spoken with may have taken legal advice, but what I've described here is not based on formal legal advice I or any of my own companies have received. Please consider these notes as food for thought only and for goodness' sake don't rely on them instead of taking proper advice if these kinds of issues might actually affect you.)


> Please consider these notes as food for thought only

Understood.

Also, thank you very much.


Presumably because of FISA orders. Other countries have their equivalents of the NSA, but as far as I know none of them have a law preventing companies from announcing that their respective agency has grabbed a user's data.


> Other countries have their equivalents of the NSA, but as far as I know none of them have a law preventing companies from announcing that their respective agency has grabbed a user's data.

It's hard to know exactly what the US law is too because it's classified. I would not trust that any country is safe from snooping--always assume it will happen.


US law is not classified. The exact ways that the executive enforces and upholds the law sometimes is, but the law itself is not.

What led the initial opposition to the Patriot Act, FISA Amendments, etc. was that they would make NSA programs like the ones that have hit the news substantially (if not completely) legal. That's apparently not what Sensenbrenner had intended when he drafted the Patriot Act, but it was exactly this kind of issue that was raised at the time by privacy groups and promptly ignored by policymakers.


> US law is not classified. The exact ways that the executive enforces and upholds the law sometimes is, but the law itself is not.

US law is very tied to court precedents, so a secret court with secret precedents is "secret law".

http://www.nytimes.com/2013/07/07/us/in-secret-court-vastly-...

> In more than a dozen classified rulings, the nation’s surveillance court has created a secret body of law giving the National Security Agency the power to amass vast collections of data on Americans while pursuing not only terrorism suspects, but also people possibly involved in nuclear proliferation, espionage and cyberattacks, officials say.

> But since major changes in legislation and greater judicial oversight of intelligence operations were instituted six years ago, it has quietly become almost a parallel Supreme Court

> “We’ve seen a growing body of law from the court,” a former intelligence official said. “What you have is a common law that develops where the court is issuing orders involving particular types of surveillance, particular types of targets.”

Etc etc.


Again, what the executive does is sometimes classified. This includes foreign surveillance by the very definition of national security. The U.S. having a FISC at all is unusual compared to the standards of other nations, where foreign surveillance may very well be done completely at the whim of the executive. We should push for improvements to the oversight process, but I can envision no such feasible improvement that would allow the public to see exactly what the government is doing (since then Russia, AQ, etc. would also know by definition) so at some point you're going to have to trust a third party.

The safe and conservative option is to assume that the executive is doing literally anything permitted by the public law without the aid of 'activist judges' (as the GOP would say) on your side of the argument. This is exactly why it is so important to be judicious in crafting legislation, as the judges will operate by what's in the written law not contrary to the Constitution when the law is clear. They only start worrying about "what the legislators meant" when the law is fuzzy.

That's also why it is important to quickly get a legal framework around foreign surveillance that includes recognition of the fact that the Internet is global while the Fourth Amendment is domestic. MUSCULAR is a pretty shocking breach of what we all understand the Fourth Amendment to mean, but I guarantee that it's technically legal. It shouldn't be, but the Fourth Amendment has long been known to effectively not apply at all outside of CONUS.


Is Mossad more efficient than the NSA on spying?


eu-west-1 is hosted in Dublin.


My understanding is that since Amazon is a US-based company, they could be forced, by the US government, to turn over data that is hosted in other countries. So using an Amazon cloud, even if it's based in the EU, is still not possible.

EDIT: well, I guess I'm sorta wrong. The whole thing looks complicated. Making sure you don't violate German data protection laws is confusing [0][1].

[0] http://www.thomashelbing.com/en/analysis-data-protection-aut...

[1] http://blogs.computerworlduk.com/cloud-vision/2012/04/cloud-...


You are not wrong: Amazon now agrees not to move data from EU servers... unless compelled by authorities. US authorities can force Amazon to open their data centres wide open, regardless of location, at any time under Patriot Act provisions. Before Snowden, this was considered a far-fetched scenario, unlikely to ever pan out in practice. We now know that it happens pretty much every day.

The Safe Harbour program is a weak attempt at saving face: as long as the Patriot Act exists, no US-based company will ever be able to comply with EU privacy laws as they stand. Being "compliant with Safe Harbour provisions" only means that they're making promises they won't be able to keep.


The company, directors, and staff must reside outside of US jurisdiction, not just the equipment.


How come governments are allowed to destroy international relations, just to keep "control of everything"? I can't find any reason that would give the government an advantage for doing so. Ok, one maybe, selling insider data to traders, companies and enemies. But we have no proof for that.


Legally, due to the EU Data Protection Directive. It's a legal obligation.


Legal concerns. I'm not a lawyer but there are quite strict rules. Here is an example based on Google Analytics (first Google hit): http://www.searchlaboratory.com/blog/2013/06/germanys-data-p...


I can feel your pain. It's a very weird situation in Germany for people like us.

Legally it's not allowed, but you have to have ten lawyers backing you to make people in your company believe you that Office 365 and other SAAS Software isn't legally usable... Google Apps for Business, ZenDesk... We've just faced this situation with a customer who we've shown several lawyer inquiries we've sent about this topic and he flat-out replied: "Well I guess your lawyers aren't very good then."


It can be legal – with information and consent. And it's done all the time. Of course, customers don't pay for using crappy and expensive European IT solutions. Dreaming of a European cloud is great but the leading providers are American.


Might be that Protonet is for you: http://www.protonet.info/de/

Those guys pitched at the Pioneers Festival in Vienna two weeks ago, and there's really something to the idea of a private, plug-and-play box in your office which hosts something like a cloud. They are from Germany, too. It's too expensive for our uses, though.


There is also https://www.tocario.com/, which seems to have pricing similar to Amazon. I guess there are tons of others.

So actually just another us-too product from big corp. Next Google news in 3, 2, 1....


I can't figure it out from their website, what is the price? Looks like a good concept.


I'm pretty sure that certain entities within the US (and elsewhere) already have full mirrors of all data hosted in German clouds.


Perhaps, but it's one thing to have your data stolen in secret vs. handing it over voluntarily.


Oh yes, I'm also sure that every story I hear is true as long as it plays to my political biases.


German companies can and do use services like Office 365, AWS, and others. Obviously some choose not to due to concerns about who might access their data, but there are no legal issues preventing them from doing so.


What if a datacenter which hosts these cloud services was in Germany?


Then you probably have to worry about two legal systems. The company is still American.


Exactly. See national security letters. It will spur European services though and self-hosted cloud solutions: own cloud and the like.

I am looking forward to seeing more of those initiatives. This growing distance between one and one's data is a dangerous path anyways, see also the rise of appliances and the decline of the full-access PC. It takes responsibility away and media competence.


So, I don't want to move to Germany anymore? This is crazy.


I am presuming eu-west-1 / Ireland isn't acceptable?


Your data is less safe in a German cloud - the NSA is no holds barred in going after that.


Market opportunity for you, then.


How sad that this is launching after the NSA scandal has pretty much ensured it will fail, and perhaps can't be achieved for decades.

This is almost certainly the most efficient and optimal way to do desktop computing. We've been waiting really for decades for networks and CPUs to get good enough that it's actually viable for a real good experience on the client end. And when we finally get there, the NSA and others are here pissing all over the party.

I hope that some day there is a full accounting of the enormous economic damage caused by the reckless, dangerous people in charge of these organizations.


> How sad that this is launching after the NSA scandal has pretty much ensured it will fail, and perhaps can't be achieved for decades.

I honestly doubt 99% of consumers care, since the NSA isn't concerned with their business.

That's not to say that attitude is right or wrong, but it's probably the last thing on most people's minds.


> I honestly doubt 99% of consumers care, since the NSA isn't concerned with their business.

The NSA is hardly the only organization/party who could exploit a service like this. Every local police force could get a warrant to search your personal computer data without you ever knowing.

I recently attended a talk on wiretaps by a lawyer, and when there is an investigation going on, police used to tap 1-2 cellphones a few years ago. Now 50+ people at a time are brought up on a warrant. Including a lot of people who aren't related to the crime (for ex. the target's mother).

So who is the "1%" of that 99%? Who should care about their privacy? How do consumers know they aren't in that 1%? The answer is they can't and they don't know.

But ultimately, they just don't care. Until it:

A) affects them personally (or to someone they know),

B) someone explains why it matters (if they have a technical knowledge gap)

C) widely publicized examples of abuses become part of mainstream news

Those three combined could eventually become widespread enough to destroy services like this. But right now, yes, the risk is still minimal in terms of public perception.


"Every local police force could get a warrant to search your personal computer data without you ever knowing."

They can also get a warrant and come to your house and go through all of your stuff (including your personal computer) there. Of course you'd know, but not until it happened. There's no real "protection" from a legal search warrant.


Search warrant != wiretap warrant.

The privacy implications and constitutional externalities are much larger (and easily abused) when it involves the interception of voice calls, emails, sms, locations, etc and now potentially all computer activity that happens in memory.

Wiretaps involve analyzing past data and actively monitoring new communications. Including every person you call or every website you visit. Police often have to delete 99%+ of intercepted data because it's irrelevant to the case.

That's different in many ways from a single physical search warrant on a house or computer.

And now they are becoming the go-to investigative tool for every criminal case...


I'd wager police also have to ignore 99%+ of the junk in your house when they execute a regular search warrant. They're going to look through your underwear drawer, but they're not actually going to confiscate all your underwear.


99% of the things sitting in any person's house at any moment are not as private as their ongoing phone calls, emails, websites they visit, etc. Nor does it simultaneously invade other people's privacy in the process (any person they communicate with)... over a multi-month period.

Using your analogy, the 99% of things the police are supposed to ignore, such as their clothing drawers, does not carry equal weight in terms of privacy.

I'm not unique in having this position, lawyers/judges/courts view it as a much broader breach of privacy as well and they (often) require much stronger legal restrictions for the police than a standard search warrant.


Totally different level of scrutiny. Your home is your castle, and the police need to demonstrate cause to violate the sanctity of your home. The scope of warrants is usually limited as well. The police need to look for specific things. Also, unless the police demonstrate that you are associated with the crime, the police won't get a warrant to search your home because your brother committed a crime.

Third party requests for data are different, these often only require court orders or subpoenas, which don't receive nearly as much scrutiny. Your information may be accessed by an investigation relating to another person, for instance.

Your best privacy protection is to store stuff at home and access it remotely using an encrypted link, and to store your credential securely. (Think smartcard.)


That doesn't really scale, does it? I imagine the tax man, however, could set up some very nice cloud-based big data trawls for documents containing evidence of undeclared income.


> I honestly doubt 99% of consumers care

But the decision to purchase this will be made by businesses. Are you equally confident 99% of businesses won't care about literally 100% of their corporate information sitting with Amazon, which in the past has shown its willingness to subject international customers to US pressures?

https://www.eff.org/deeplinks/2010/12/amazon-and-wikileaks-f...


Yes.

The growth of cloud (storing all your important shit on hard drives owned and operated by someone else) has been increasing these past few years.

I thought the world had gone batshit insane even before the NSA leaks, but it appears I was part of an incredibly small minority. Some people may have come to our side, but not many. Because really, if you don't care that Company Y has access to your shit, what difference does another third-party make?

People that think like me are definitely the minority, unfortunately.


> I honestly doubt 99% of consumers care, since the NSA isn't concerned with their business.

True, but some of the rest (like me) are more concerned with Amazon (or Google, or Facebook, or Apple) having access to their information than with the NSA. Personally, I'd rather have a government spying on me than a corporation.


This service really doesn't strike me as something the average consumer would use, at least not directly. This seems to be targeted at businesses, which are much more likely to care about potential NSA or other similar snooping.


Here's the reality, as I see it - most businesses, that is to say, (US) commercial enterprises that operate within the confines of the USA already comply with any and all search warrants, FISA letters, government requests, and so on.

In fact, most of the traditional large enterprises in the US keep teams of people around to operate policy and software solutions solely to archive and protect data that may apply to government and civil investigations.

Large enterprises are concerned about individual actors - "hackers", competitors, unscrupulous investors who want to gain access to sensitive information. If the government comes calling, they'll just give up the information, because why do they care? The vast majority of large companies in the US don't store sensitive information on behalf of their users like Google does. If Exxon-Mobil can save $30m/year by running VDI on Amazon, they will - if the government wanted the contents of any employee laptop, they'd turn it over anyway.

It's end-users, service providers, and politically active organizations who don't want to put their compute on centralized infrastructure.


This is aimed at business. I already know for sure that my work computer, email, chat, etc can be read at will by my IT department. They can also hand over absolutely all of it to law enforcement at the slightest whiff of liability. So, really the NSA business is not relevant.


> I already know for sure that my work computer, email, chat, etc can be read at will by my IT department

Yes, but it's not about you. It's about your company, the legal obligations they have to protect your data, their customers' data, and their internal IP from outside intervention.

Consider that you have a legal obligation to protect the privacy of your data. Now if you are served a warrant to give up the data or to secretly tap connections to your server, you are probably legally covered. But when they just go straight to Amazon to get your data you have no such cover. Users can rightly ask why you put their data in a place out of your own control, your own legal accountability.

Prior to this year, one would have said that such events were so extremely rare, and in such exceptional circumstances (on credible threat of an immediate major terrorist attack, etc) that it was an acceptable risk for a business to take. That's now flipped. The presumption is that if you store data in the cloud then it is being routinely intercepted and is freely available to a multitude of parties outside of your control. That's the crucial change that is going to put cloud storage and services off the table for anyone with sensitive data.


There's nothing you can do and nobody will sue you. They can use other methods to grab the data, if they really wanted to. It's not as if you'll be completely secure if you don't use Amazon's services.


> So, really the NSA business is not relevant.

Until the industrial espionage and insider trading leaks come out. Then all hell will break loose.


>Then all hell will break loose

Or they will still not care.

If that's something that affects 0.001% of business, and if some culprits have been found and punished (for the leaks to come out), then businesses will probably continue using AWS and not caring, thinking "what are the chances"?

Except if something causes direct and measurable money loss, they won't really care, even if it's proven to have hurt this or that other company.


I count that as highly unlikely. I think it's more likely for hackers to find an exploit than for the NSA to willingly collect and sell information.


Not trying to deflect any blame away from the NSA, but I think it's likely there are other nations' spy agencies (and cyber-criminals) doing similar things that have not come out into the open yet. What I mean is that if it wasn't the NSA revelations, then it would have been other ones coming out at some point, with the same effect upon cloud services.


Only most other nations doing such either are already bedfellows with the US (the "Five Eyes" et al), or don't have any real reach and power to do anything major spying or even to take advantage of any data they can gather.


>How sad that this is launching after the NSA scandal has pretty much ensured it will fail

I very much doubt 95% of the potential audience will even care about that.

>This is almost certainly the most efficient and optimal way to do desktop computing

I fail to see how it's the "most efficient" and "optimal". I don't see anything optimal about struggling with network level latencies in some remote shared system.

>We've been waiting really for decades for networks and CPUs to get good enough that it's actually viable for a real good experience on the client end. And when we finally get there

For tons of applications we'll never "get there" (compared to client computer). The latency, even the one caused by the speed of light limit (200 ms for a roundtrip around earth), is big enough to be disturbing for a lot of desktopy stuff -- much more if you add all the additional latencies and factor in common connection speeds.


Cool! NSA's industrial espionage is so much easier for them to perform when you store your company data directly on American servers.

http://www.theguardian.com/world/2013/sep/09/nsa-spying-braz... http://www.dw.de/germany-fears-nsa-stole-industrial-secrets/... http://www.globalresearch.ca/nsa-busted-conducting-industria...


Dear HN, can we please reduce the frequency of the same inane NSA wits in every single discussion? If there is new information or interesting opinions I’m glad to read them, but repeating “NSA! ah-ah!” in every single article doesn’t add anything or help anyone. Awareness is already very good in these quarters, I think any HN user knows the situation and has formed an opinion about whether to assume that every communication is tapped or how much encryption is sufficient for their case.

Thank you.


I actually think that the fact that NSA's spying isn't just used for anti-terrorism purposes but also for industrial espionage is news to some people - even on HN. And it's extremely relevant to decision makers who are considering Amazon WorkSpaces.


Posting about it on HN isn't going to do anything. Have you called your congressman? Your senator? Your president? If you can't answer yes to all 3, take 5 minutes to do that instead of posting another comment on HN.


I'm also not American - and I figure it's worth pointing out the risks and responses from a non-US person's point of view to the HN crowd.

As I see things, the only possible way that the NSA's misuse of their powers (specifically regarding non-US persons) is likely to get curbed is when companies realise there are significant revenue implications. I have _zero_ voice in US intelligence gathering policy. I _do_ though, have the ear of people buying services from US companies who _do_ have a voice in forming/changing those policies. Google's position at the top of the web search food chain, and the amazing advertising business they've built on top of it, might not be enough to justify the risks involved in exposing all that data to the NSA. Microsoft/Yahoo/Google's enormous slice of the webmail market is also a dubious value proposition if you evaluate the risks in a certain light. Amazon's dominance of the "cloud" market isn't unassailable if you take legal jurisdiction and corporate ownership into account. Salesforce becomes suspect as well for non-US users (both as a CRM and their entire force.com platform).

Those are my most likely allies in lobbying for non-US citizens' basic human rights online. If Google, Microsoft, Apple, Yahoo, Amazon, PayPal/eBay, Facebook et al. don't start telling your government that they're losing significant revenue because of the behaviour of US intelligence gathering services, then "outsiders" like me are inevitably going to have to find alternative jurisdictions to buy those services (and to create/use replacement services with robust modern anti-nation-state-snooping levels of crypto baked in from the start. Who wants to bet against Silent Circle's Darkmail becoming a serious SMTP replacement because the Brazilian or Ecuadorian or German or Chinese government mandates its use nationally - even if it's only done as a political point-scoring "stunt", something like that could be a _major_ win for global internet privacy.)


Well, what are the risks of exposing your data to the NSA? This seems to be assumed to be this terrible thing, making it worth it to undertake expensive and annoying measures to avoid it. Do you really think this is going to be worth it to anybody? What is the story by which a specific calamity befalls someone whose data is caught in the NSA dragnet?

As others have pointed out, the NSA can spy at will everywhere else in the world. Never mind that Germany's spies are probably in on the scheme.

The risk from private bad actors on the internet is much higher.


Industrial espionage is a very real thing with very real risks for larger companies. Here is one example of how NSA could use (and may have used) the data they're collecting to help American economic interests: http://www.techdirt.com/articles/20130909/04383424450/latest...


From examples I've read about and noticed over the last 5 or 6 months - things like "parallel reconstruction" leading to non-intelligence services targeting people for drug offences, things like journalists being bailed up at customs by DHS staff with printouts of personal email, things like the Petrobras (the Brazilian oil company) revelations/suspicions. And _most_ obviously, the Snowden leaks themselves. Snowden leaked everything he did publicly at _great_ personal cost – is it even _vaguely_ plausible that others in similar positions to him haven't abused the NSA data collection for much-better-hidden personal gain? If I could have been snooping on all incoming and outgoing YCombinator email over the last 5 or 10 years, how many "lucky" investments do you suppose I could have made?

Even if I agreed that it was appropriate/acceptable for trusted NSA staff to have access to all global email/phonecalls/whatever - it's _obvious_ they don't have adequate protection in place to prevent mis-use. When they've got cutesy nicknames like "LOVEINT" for things that are obviously so common, yet are (or should be) criminal abuse of positions/power – how could anyone accept "the NSA dragnet"?

I understand "national security" is important. I understand "stopping terrorists" is needed.

I also think if the US government, people, and businesses think "the rest of the world" will just sadly watch on as they allow the NSA to continue doing what they are doing, they are mistaken - and the blowback will be _astoundingly_ counter-productive for the NSA's _important_ goals. When it becomes clear that we need (and can create) things like strong crypto with easily useable software, TOR-like anonymising techniques (but not, of course, your US government designed and probably exploited TOR), encryption where we trust both the math and the implementation (and by "trust" I mean trust mathematicians and software crypto experts from non-US backgrounds, and preferably from conflicting backgrounds as well - I'd take software/crypto advice agreed to by a majority of Russian & Indian & Brazilian & Ecuadorian & Chinese experts over conflicting advice from Schneier or Zimmermann or any US or Five Eyes affiliated person/business) – we will. And when "the next level" of "secure against the NSA" communication tools become available and widespread - and widely made available to politicians, businesses, journalists, and regular citizens - guess who _else_ will have it? And how will the NSA conduct their "war on terror" then? (and their less acknowledged but very real "war on drugs" and "war on non-US companies profits" and "war on journalists critical of US policy" and "war on US citizens demanding their government be held accountable"?)


That is an interesting observation of blowback from NSA overreach (stronger crypto enabling bonafide bad actors to escape detection).

I appreciate the response, as I feel like many people post here with sort of an implicit perspective that it is obvious that pervasive NSA spying is a catastrophe.

I still maintain that all of the issues you've outlined are not going to be considered that bad by your average citizen. Especially in comparison to the pain and cost of duplicating Google's type of services on a personal or organizational level.

So what is interesting to me is that, if you grant my premise that your average civilian is not going to be that upset by this, so many tech types have such an opposite response.

While it may be more doable for a techy to set up secure web services, it still strikes me as an outlandish use of resources given that the vast majority of them truly don't have anything to fear from the NSA.

Figures like Snowden are a special case, as are anti authoritarian crypto activists, as the intelligence community obviously sees them as a threat.

My thinking generally is that there is no way to stop the NSA and similar agencies from spying like crazy. So if we all just assume that all of our electronic communications are non private, it simplifies the issue. (Considering the internet as public space). So to have secure computing, you simply can't hook your computer to the internet.

What is more disturbing to me than the spying is the ridiculous overuse of secrecy and classification, which I think breeds far more opportunities for abuse. For pulling the curtain back on this, Snowden is a hero.


I'm not American. And awareness is the first step.


> I actually think that the fact that NSA's spying isn't just used for anti-terrorism purposes but also for industrial espionage is news to some people

Is there any evidence that this is the case?


The Guardian, Reuters, et al have written about this.


I was involved in an investigation and Amazon was the only company involved that downright said "our lawyers reviewed your claims and your warrant is too vague and is unsupported." Goes to show that judges sign anything these days; it's important to have a company that has your back. Comcast gave me up in a second.


Likely easier for them to penetrate a typical corporate network than Amazon's


Unless Amazon is secretly in bed with them as well


Amazon are building the CIA a cloud, so they'll at least be talking.


CIA contracts don't come cheap.


There's more information in my post at http://aws.typepad.com/aws/2013/11/amazon-workspaces-desktop... [Fixed]


This one seems to be about WorkSpaces: http://aws.typepad.com/aws/2013/11/amazon-workspaces-desktop...

The one you linked is about AppStream


Fixed, not all parts of my brain are thread-safe.


The information under "WorkSpaces Feature Set" for Performance appears to be wrong, at least compared to http://aws.amazon.com/workspaces/pricing/

It currently says:

Performance - 1 vCPU, 3.75 GiB of memory, and 100 GB of persistent user storage.

I believe it should be:

Performance - 2 vCPU, 7.5 GiB of memory, and 100 GB of persistent user storage.


The blog post was wrong. Fixed, and thanks!


Jeff, are there any plans to offer something like Ubuntu images in the future for VDI? Many developers really don't use Windows much anymore, and you could probably offer a more competitive price point when there is no need for licensed software. Obviously we can set up our own stuff using raw EC2 instances, but having a simple solution like this is definitely appealing.


We'll certainly keep an open mind and think about offering other OS's in the future. Like every AWS offering, we launch an MVP and then iterate rapidly.


I'm guessing the HN crowd isn't really the target for this offering, though its clients may be. Having the full MS suite is a big deal, especially where there's ancillary storage right on board (and similarly firewalled).

A very interesting move by Amazon. Wish it was available by the hour, though.


My first question was "can I add my own items to the bundle" (and the answer is yes although that info should be more prominent.)

My second thought is the price point is too high but obviously that will come down (However by having a high price point you will invite competition.)

I'd like to use this just to be able to use the vSphere app which runs only under Windows. So from a Mac I have to connect to a Windows box by screen sharing. I could use this. But the $35 price point is way too high for doing that.


The $35/mo is a very aggressive price for VDI in general. Their TCO calculations for on-premises VDI[1] aren't too far off the mark. Microsoft still needs to be paid and SPLA licenses presumably account for a good share of what you're seeing here.

Amazon doesn't have a history of entering the market at a high price point. It might be high for your use case, but your use case isn't what they're after. VDI is a desktop replacement where you run all your applications, not just one or two on an as-needed basis.

[1] http://i.imgur.com/njlJklF.png


Sorry to be the jerk. Small error in an opening paragraph (probably from a last-minute edit):

> Your users can access the applications, documents, and intranet resources that they need to __get their done__, all from the comfort of their desktop computer, laptop, iPad, or Android tablet.

Otherwise, thank you for the detailed write up... I almost never watch launch/demo videos


Jeff, thanks for the write up. You mentioned 'Windows 7 desktop experience'. Is this Windows Server 2008 themed to look like Windows 7? AFAIK, Microsoft has restrictions on putting Windows 7 on cloud instances. This matters due to font-rendering differences between desktop and server editions, and my use-case is around web design.


From http://aws.amazon.com/workspaces/details/

"All WorkSpaces Bundles provide the Windows 7 Experience to users (provided by Windows Server 2008 R2) ..."


> This matters due to font-rendering differences between desktop and server editions, and my use-case is around web design.

I'm curious. What are the font-rendering differences? Are you sure it isn't caused by Remote Desktop or by the difference between software and hardware rendering?


It might be referring to the "Desktop Experience" feature of Server 2008R2, which applies the Win7 basic UI and allows theming, but not necessarily Aero or any of the graphics intensive pieces. It also installs the "desktop" apps.


You can get Aero on Server 2008 R2. You just have to install an accelerated graphics driver.


The NSA is gonna love this.

I think their timing is quite bad. I doubt many non-US companies will start to move a big part of their infrastructure to the cloud of a US company right now.

On the other hand for smaller businesses that don't have to fear espionage this could be a really cheap way to lower costs.


Holy mother of god!

I've been managing full 2,000 virtual desktops and about 100 servers... I've been looking for a way out! (out of licen$ing/$oul agreement with MS and VMWare).

Of course latency would be an issue, I wonder what solutions they have for low/limited-capacity clients.


It says it's powered by PCoIP. I've tested one of the PCoIP hardware thin clients before, and it works really well across a WAN. An employee ran from his home a graphically intensive 3D render application at 1920x1080 on one of the EVGA thin clients. We didn't test it across a 3G connection or anything like that.


Yikes! Just looked at the pricing:

http://aws.amazon.com/workspaces/pricing/

Talk about high TCO! (yes, you still need the hardware to run this service). With Office going online now, I'm wondering what their strategy is. This is really not what I was expecting.


Excluding your endpoints, do you have a current cost accounting of the entire infrastructure capex, opex, software licensing, and any professional services behind your existing 2000 seats? I work extensively in this field and the numbers they are throwing out are extremely competitive with existing on-premises View or XenDesktop implementations I've been involved with.


We're running on 4-5yr old hardware... and our maintenance contracts, even though high, wouldn't amount to the yearly costs to use this service. This is at least a decent option if you're planning on new infrastructure.


What about the costs of running the hardware - power, cooling, network switches, storage arrays, datacentre rental (or opportunity costs of using a server room versus more desk space for example)?

Not saying it still wouldn't work out cheaper for you, but worth bearing in mind.


This is their solution.

http://aws.amazon.com/directconnect/

I would imagine it's at least in the ball park if you have 100 servers..


As a Microsoft employee: Windows 7? Windows Server 2008? INTERNET EXPLORER _9_?

What is this? A virtual desktop service for time travellers?


Come on, you know better than this. Microsoft has given everyone good reason to be skeptical of every other Windows version. XP? Solid. Vista? Nope. 7? Solid. 8? Off to a rocky start...


He's referring to the out-of-date and inferior version of Internet Explorer (hence his use of caps).

They could have installed IE10 or IE11 -- which are good. I can't think of a good reason for installing IE9, though maybe someone will come up with one...


Some of our internal corporate apps require IE9 as IE10 presents compatibility issues. I'm not at all surprised that IE9 is part of the baseline.


I'm genuinely curious how this app that works with IE9 can't work in IE10. From my experience, Microsoft has put a lot of effort into making IE backwards compatible. You might have to force IE into a specific mode, but I can't imagine an app for IE9 not working at all in IE10.


We've been in the tough situation where some business/banking websites only worked in IE9 while others that we were having trouble with only started working properly in IE10. Ultimately we rolled back to IE9 because the former outnumbered the latter and because IE9 is still the standard version of our corporate image.

IE10 snuck onto a few servers and unrestricted desktops because it was installed silently through Windows Update along with the normal patches. That did give us the unexpected opportunity to test it out with real users.


Ah, thanks for the correction. I'd hoped we had finally got beyond "only works in IEx".

Presumably it's upgradeable...


Welcome to the real world, where most enterprises routinely lag MS's release schedule.


Many corporations lag the bleeding edge significantly. It really hurts when CUSTOM_SOFTWARE_X doesn't work on the newest and greatest.

Then, after that happens, they have to retrain everyone on the changes.


You'll be surprised, but most enterprises use XP and Windows 7. They don't use Windows 8.x for a variety of reasons: cost of education, existing OS is good enough, their intranet web sites are designed against IE8/9.


Why would anyone willingly use Windows 8?


There is sooooooo much XP still running in most large organizations it is very very frightening.


> Amazon WorkSpaces clients are available for both Windows and Mac computers as well as for the iPad, Kindle Fire, and Android tablets.

How am I saving on licensing cost then? If I can install the client on a Linux machine, it makes sense. If I need an Apple or a Windows machine I'm ... double licensing?


I don't see them touting it as saving licenses. BUT presumably you can save by making these floating instances.

If you have 1000 workers using software locally, you need 1000 licenses.

If you have 1000 workers using software in the cloud, but only 100 at any time, you only need 100 licenses.


This could be an awesome option for Chromebooks too. Shame they're only targeting large IT departments.


Would be nice if Amazon had their own Chromebook equivalent stripped down for this use case. Maybe soon.

Kindle XL HD Flamethrower Lappytop.


It seems like a marriage made in heaven to me.


Because you are probably buying hardware from HP, Dell, or Lenovo with mandatory OEM licensing. (Unless there's actually a cost-efficient option from a major manufacturer to purchase a large number of machines without Windows?)


I don't think the objective is to save on licensing costs. I think it's to save on hardware and possibly deployment costs. Also, the primary use case seems to be using a thin client.


Be nice to though, and it seems like it should be an easy thing...


The double licensing is a problem, but this would work nicely with a BYOD policy. You could use your own computer anywhere, but corporate data is still stored in a secure location.


Look at the TCO page for the announcement [1]. The biggest cost savings Amazon is touting lies in reduced IT staff and total elimination of hardware costs. By their calculations, the licensing is only 3% or $3 per seat for a 1,000 person business unit.

[1] http://aws.typepad.com/aws/2013/11/tco-comparison-amazon-wor...


That's the elimination of server hardware costs, though I can't imagine just chucking stuff in the cloud with no local backup. (Amazon has lost data before.)

There's still a client PC cost...

There are also the times when either Amazon (or Google Apps & Docs) or the network goes down and you have the odd thousand people sitting around wondering what to do. That's always lots of fun.


I can see this really helping with the BYOD revolution that's happening in enterprise. There's been an increasingly awkward mix of personal use and data with computers meant for corporate work. Virtual Desktops done well can really help here.

I can see more companies providing funds to employees to buy the device they prefer instead of provisioning a machine for each employee (ours does that already). Then the computer can be used locally for personal needs and through the virtual desktop for work.

Though as I've been traveling more lately, I can see how the need for a persistent, high-quality internet connection can be an issue in the field.


I could buy a new laptop every year compared to the $75/month fee.


And licenses?


How powerful is the 1 vCPU? If it is anything like 1 EC2 compute unit then I don't see this being useful for anything more than basic office work (i.e. MS Office).

Plus if I already need a computer running OS X or Windows then why would I want to pay again for renting a Windows license (As in, the monthly cost will include the cost of the Windows license)? How would the specs of the Amazon WorkSpace compare to the existing Windows or Mac Desktop PC? It might be more useful if I could use a thin client running some barebones Linux distro to access the remote workspace.


This is not for you, it's for an IT department with a nontrivial number of desktops. You pay again because centralizing users on a single machine that you can update/troubleshoot/fix/install software on once is often more cost-efficient than trying to manage 1000 autonomous Windows desktops.


I know it is not designed for people like me, else I'd be asking where the Linux options are ;)

I don't work with a company that has a large IT deployment anymore but when I did their process was not that different. They had a single image that was on every single PC and contained "standard" software. If there was any kind of problem with the machine, they'd just reimage it remotely (PXE) and if it still had problems they'd just send the machine back to Dell and get a replacement.

Although management/maintenance was not really my point. Rather, if you already have functional working machines with Windows / OS X (or have to purchase them) then Amazon WorkSpaces seems expensive. If it was accessible via some cheap thin client that did not require a separate client OS license (+ the hardware that comes with machines able to run Windows / OS X) then it would seem more appropriate.


This is common, but Virtual Desktop Infrastructure is increasingly common currently. The only novel thing about Amazon's program is that the server is in EC2 instead of the corporate server closet.

As I understand it, some of the motivators are:

1) The image is immutable (by normal users). Each startup is clean, so the potential to screw up your install is very low. Only user folders (redirected to network storage via GPO) persist.

2) You can indeed use thin clients, i.e. http://www.neweggbusiness.com/Product/Product.aspx?gclid=CIT... with VDI. You can also use old/underpowered/very cheap PCs.

3) Unlike an RDP setup, each user has their own OS instance so you don't have concurrency issues.

4) Windows Server and User/Device CALs are indeed very expensive. However, license costs for the clients are not even slightly relevant because mainstream desktop/laptop hardware comes with mandatory OEM licensing anyway and large businesses are not typically building their own PCs.


I'm wondering what customers they are targeting this to? A lot of big companies who would care about data on laptops probably have an equally kneejerk reaction to data in the cloud. You could argue it's for small companies. But they have to be a certain size before something like this starts to make sense. I don't do desktop support IT kinds of things, so perhaps I'm being a bit too sweeping in my generalization?


Outsourcing. Rows upon rows of software developers are sitting in Shenzhen right now working on virtual desktops based in the US.


Where do you make the connection between "virtual desktops" and outsourcing? Also, who are those Shenzhen developers and who are they working for?


If latency becomes a non-issue (ever tried using remote desktop or even SSH over a high-latency connection?), I think this stands a very good chance of succeeding and making IT's job much easier.


Completely off topic, but regarding SSH over a high latency connection - it's actually remarkably good as long as you don't have loss on your link.

I'm currently working with a client in Singapore that requires that I connect to their data center through a B2B L2L IPSec tunnel that is sourced in California. So, from Singapore, I connect to the VPN concentrator in California, and then from there, connect to the client's site in Singapore.

So, every keystroke that goes to a server approximately 100 meters from me starts off in Singapore, crosses the ocean to California, comes back to Singapore, returns back to California, comes back to Singapore again.

I do this for about 8-10 hours a day - completely workable.

Oh, and the connection to the internet that my VPN connection rides on is a 3G modem, no less.


I've done this before too (even down to it being a SG -> CA link!).

I think the best practise is to automate. Waiting on individual key presses to be echoed back when there is latency is incredibly frustrating, a slight delay while a shell script runs is completely unnoticeable.


I think a lot depends on how good of a typist you are. If you can confidently type fast, it's no problem. If you're prone to typos, latency can be unbelievably aggravating.


Have you tried mosh? (http://mosh.mit.edu)


Latency would be my biggest concern with the service, sometimes even an X11-over-ssh session on a local network can be incredibly slow to use, putting it across the internet doesn't do much to help.


X11 over ssh is really slow. Windows RDP, VNC or Teamviewer are generally pretty fast to the point where it makes almost no difference to the normal Desktop user.


This solution is utilizing PCoIP[1] which is a very mature protocol that can support things like video streaming, adaptive compression, and remote USB device passthrough. It's nothing like VNC or X11, and I have a number of customers running thousands of users with it. VMware also licensed this protocol for their View product and it's been very successful in that space. While I generally prefer the ICA/HDX stack for VDI use, PCoIP is pretty damn nice and it's a great choice for this kind of offering.

[1]http://en.wikipedia.org/wiki/Teradici#PCoIP_Protocol


I second this. The protocol is incredibly fast, even over a cellular connection when zipping down the rail line on Amtrak. On a LAN I can use VMware PCoIP on an Apple Cinema Display and there is zero lag (hard to test the Cinema Display on Amtrak!). I don't know what black magic they use under the hood, but it's the only remote protocol I've ever used that didn't make me want to throw my computer out the window.


Sounds interesting, I wonder if something like this will replace home computing in the future. How is the performance when watching videos or playing some casual game, does that still work?


I haven't done any gaming with it, but web video played in the browser works the same as locally. I haven't tried any full screen stuff like movies though. For regular application usage there is no perceptible lag for things like scrolling, editing, highlighting, etc...


In my experience on a Gbit LAN, RDP is really fast, VNC and TeamViewer, not so much. I'm connected to a Windows 7 machine via RDP and to a Mac via VNC (even though I used to use TeamViewer) with Remmina on Ubuntu.


VNC in my experience is usually quite affected by latency as well, RDP was always reasonably solid which works well for most corporate concerns.


We've completely given up on X11 and moved to NoMachine...


Spot on, though Outlook 2013 is a piece of crap over RDP


If you could spin up an instance for an hour, this would be useful to those who want to buy from US stores that block by IP (cough Nexus 5 cough), but don't want to go the VPN route.


You can already do that with normal EC2 and for a lot cheaper too because you could use a spot instance.


I can think of a bunch of other use cases. E.g. Student spinning up an instance to work on an essay or powerpoint presentation. But yes, it looks like the pricing is not by the hour :(


You can do this now. Just fire up an instance and blow it away.

I once used it to download a Steam game and tunnel it through a non-quota-counting path back to my computer.


Still need a US credit card :-(


Use a proxy server.


I remember building something similar for a class project as part of my undergrad degree. It was basically a website where you could sign up for a virtual desktop and use the nx protocol (https://www.nomachine.com/) web browser plugin (it felt like there was no latency) to view the remote desktop. We supported Ubuntu Gutsy and Windows XP SP2. It worked great on those little Eee things that were popular at the time -- access to a desktop environment with a quad core on an Eee.

This was around 2007-2008 or so, so it's tough to find anything that still remains from the project -- we sucked at marketing and didn't really get a userbase, so it died off.

Here's a few docs from it that still remain online: http://www.cis.temple.edu/~wolfgang/c4339s08/WebDesc/


Seems like a competitor to Citrix, isn't it?


Ex-Citrix employee here... Sounds exactly like Citrix unless it is a partnership: http://aws.amazon.com/solutions/global-solution-providers/ci...

"As an extension of its ongoing collaboration with Amazon, Citrix is now delivering its innovative networking and desktop virtualization solutions from AWS."


Interesting. I already use an EC2 instance for exactly this (running Debian) and it has been a great way to work. My laptop only needs to be powerful enough to run an ssh client and X server and then the instance does all the heavy lifting of running applications (in this case, mostly compiling code). It is beyond cool being able to scale the hardware up/down depending on how nasty my current project's build is. Even better is that I can ssh in and do basic work from any computer that has an ssh client. Emergency one-line patch from my smartphone? Fuck yeah! Pricing of the new desktop instances looks a little high compared to reserved instances of similar power, but I imagine that is the MSFT tax at work.


Looks pretty good compared to the 'On Demand' instances though, even including the MS and (I assume) Teradici licensing. Somewhere in between On Demand and Reserved. If you can script yo sh!t together, spot instances is where it's at..


I've thought about going this route. Somewhere along the line I found "mosh" which might be useful to you if you're working at the terminal a bunch. It solves the typing latency issue as well as a host of platform specific terminal emulation issues.


Please post a how-to. Most of them are now outdated. I would love to see it.


Seems like a small range of performance. 1 vCPU? Does that mean one hyperthread? What is that, a Pentium 4 or something? Where are the i7 instances?

I don't see a developer finding this useful at all.


Facebook is the most resource hungry app in a lot of workplaces...


They talk 'developer'. That's not screwing around on Facebook.


This is an interesting counter to ChromeOS/Chromebooks. Basically Amazon has a 'what you are familiar with, except in the cloud' as opposed to 'this new thing but it's cloud based.' The demerits for both are that you lose the cloud and you're down, someone gains access and you are compromised. So many baked in assumptions in IT about how the local workstation is local.

I wonder what it does to business internet prices too.


Actually a killer combination is this (or a more-affordable VPS) _plus_ a Chromebook.

You can SSH into your Linux desktop to do programming and heavy computing, and use web apps.

If you need some GUI, you do a web app on your server and connect to it from the browser on your Chromebook. (Instead of a full-on remote desktop VNC.)

This is a really nice way to work. And your Chromebook is disposable/wipe-able. It's basically a terminal. Welcome to 1970, but with the web app twist.

And of course you can SSH/browse into that same server from whatever else, too. Like a tablet, a full laptop, or even a desktop.


Well they can also make money by selling the thin client which the ChromeOS is good for.


Huh? Does a ChromeOS client exist for Workspaces or is it just "good for" it whatever that means?


I assumed it was RDP, but it is PCoIP. ChromeOS does not have that client software right now.


Wow. These two announcements from Amazon today have been really interesting. I work at a community college and we're constantly investigating VDI and vApp solutions. With the heavy push towards a more cloud-ready infrastructure, it'll be interesting to see how our upper management approaches this platform.

A lot of our initial hardware costs have to deal with planning for spikes in usage. At any given time we may only see 10% use -- but come the end of the semester -- that could very well jump to 10x our average load. And we have to have the hardware allocated for that. It's a balancing act between how much we can expect and how much we can feasibly budget.

I can see this being a huge win for education. We have a department that oversees all IT related tasks. They also chip in occasionally to help establish foundations for best practices and unite all the community colleges on single platforms (email, learning management software, internet services, etc.). This might be right up their alley.


No desktop Linux options? :(


This looks awesome. I don't think latency will be much of an issue either. Years ago I worked on a training system that allowed users to launch the NXClient directly from a training website and run labs on EC2 instances and even from the west coast I could write code on a US East instance very comfortably, without any noticeable lag.


Thin clients. Everything old is new again.


Sunray, is that you?


'cept Sunray is no more:

"In July 2013, reports circulated that Oracle was ending the development of Sun Ray, and related products.[4] Scott McNealy (long-time CEO of Sun) tweeted about this.[5] An official announcement was made August 1, 2013, with a last order in February 2014.[2]"

https://en.wikipedia.org/wiki/Sun_Ray#cite_ref-eol_2-1


Sunray as a service!


I used Sunrays at university around 2001-2004. I actually remember them quite fondly.


Thin Client v2. Just recently there was this: http://www.cgchannel.com/2013/11/new-autodesk-initiative-put...


I've been looking for something like this for a while. Have you tried it? Octane renderer can produce some great results but wondering about the cloud GPU rendering cost


I haven't tried it. I'm mostly interested in how does it (and other GPU renderers) deal with larger scenes due to constrained GPU memory.


Thing with Amazon is that when it enters a market segment, it drives the price at a point where no competition can stand in the long run.

That said, that's a service I don't understand who would wanna use. There's no place like 127.0.0.1 (or ::1)


Let's merge information,BI and decision strategy in Prism network, forever backup.


They really seem to be pushing the corporate compliance / data security aspect of this, but it feels like a roundabout way of solving that problem, and in some cases, may even make it worse. Which is more dangerous? Having corporate data on a thoroughly locked down laptop, or having corporate data on a miserable cloud desktop which makes the user desperate to move the data local (dropbox, email, etc.)

This is a very cool service, I just don't think the data security and compliance argument is a very good one. Unless they have some way of making sure that data can not possibly leave the virtual environment.


Please forgive what may sound like an ignorant comment:

What if we ignored the NSA and security issues to think about the potential for new technology like this. If you never had to locally own your data, what could be possible?

How light could laptops become? We would no longer need as big of a hard drive and processor, and could probably reduce weight in lots of other ways.

And how many number of machines could you reduce to? Not only could two people share the same machine really easily, but you could access your personal workspace, work workspace, and any additional workspace with basically the same machine.


This would be a great option for the many individuals who use their computers for nothing but productivity and browsing. You wouldn't need to buy Office and a new computer up front, and theoretically you can stay up-to-date without buying an entirely new laptop.

You'd just need to buy a lightweight device (similar to a Chromebook) with a screen. Of course they don't even support Chrome right now (IE and FF only), but the idea would be solid for almost anyone who doesn't game or need low-latency computing.


Actually, the client for accessing these desktops is a standalone app, that requires Windows, OSX, Android (incl. Kindle Fire) or iPad.


hmmh... can't access from a client running Linux, ChromeOS, Android-X86?

largely defeats the purpose if you still need a PC, license.


Recently with all the advancements in this space (PCoIP) I started wondering if this is the future of personal computing? Going back to mainframes and just connecting a thin client to your desktop from wherever you are and whatever device to find your desktop as you left it. And if we'd have this, would Web Applications still make sense? This would kind of collide with the concept and long term vision of something like ChromeOS for example. I'd love to see/have a discussion on this somehow.


If these can be rented by the hour, it could be a good way to get Windows machines for testing websites with various versions of Internet Explorer and testing emails with various versions of Outlook.

I know that EC2 and Rackspace have Windows machines, but only with Windows Server. When I have tried that, there is always something funny, such as IE security settings that are different from those of desktop Windows installs.

For now, I have settled on having local Windows installs (free licenses through BizSpark) in VirtualBox.



Wow, that is fantastic—both BrowserStack.com and the prepackaged virtual machines.


As per http://aws.amazon.com/workspaces/details/, the workspace bundles provide the Windows 7 Experience to users (provided by Windows Server 2008 R2).


For companies that trust giant corporations more than their employees.

Fortunately for amazon, I think there's probably plenty of those companies out there.


They should combine their delivery services and provide what I thought they were providing (this is still pretty cool but just saying):

Provisioning and renting out multiple devices, controlled via the AWS console (with some sort of address delivery form and ability to rent out devices, installed with a particular image).

I.e., allowing auto-provisioning to extend truly to the consumer space.


"All WorkSpaces Bundles provide the Windows 7 Experience to users (provided by Windows Server 2008 R2)"


I always hate reading about services like this because I work in the medical industry and something like this would be unbelievably beneficial but will never be implemented because no sane company would ever sign a business associates agreement with the fines that they would get if there was a breach.


This looks interesting, definitely going to look into it. $35/month doesn't sound too bad, just not sure why I wouldn't just fire up a VM on my local machine which has 16 Gigs RAM. $15 would be more palatable for a 3.5 Gig VM.


Is this the continuation of the beginning of the end of low-latency client computing? It's bad enough already that my company is on Google Apps and I'm forced to use Gmail and Docs instead of Outlook/Exchange and Word/Excel.


Question: If someone runs a process on their Amazon WorkSpace and then disconnects from it, does that process continue running? Does the WorkSpace stay online (like a VPS) or is disconnecting equivalent to shutting your computer down?


When you come back, you will see exactly the same screen as when you disconnect it. Your process will continue running.


I use NX / Nomachine quite a bit, and while it generally works, the latency is still annoying.

It'd be nice if there was a better way to transparently synchronize an entire VM and run things locally, since CPU and storage are so cheap.


If they had a version of this where I could rent photoshop by the hour I'd be elated. (I know these are billed monthly, I saw that, I'm wishing for two changes simultaneously)


So what's the over under on them creating a Ubuntu workspaces sooner or later?

That coupled with EC2 based infrastructure could make for a very compelling platform.


Any info on the bandwidth? Looks like it might be a good alternative for businesses in areas without a great selection of telco providers


Very interesting if amazon will drive Cloud Desktop, DaaS and virtual desktop to wider adoption or prove it's not quite needed today


This is nice, finally a company large enough to push out a heavy adoption of thin clients.


Feel like your company isn't giving enough data to the NSA/GCHQ?

Introducing Amazon WorkSpaces.


Am I the only one who is getting annoyed at these zero effort sky is falling NSA comments?

Every single damn submission on the front page has some meaningless hand wringing over the exact same issue and it is 100% unproductive.


It may be unproductive but it highlights a paradigm change.

If you host your Desktop in the cloud at Amazon your data is completely at the mercy of Amazon. This can be an issue for health-related data or customer data.

It is a fact now that there are secret courts in the US that disallow Amazon from telling you that someone else accessed your data. I'm not sure about law enforcement but they can probably gain access to that data you stored there too.

As a business from a foreign country you lost control over your data. Some businesses can afford that - a lot can't.


I own my own business and jokes aside (which it was) I won't be putting anything I don't have to into the cloud and in the mid/long term I'll be moving stuff back in house (Google apps for email was convenient but not essential etc).

As I'm in the UK pulling stuff out the US seems vaguely ridiculous if I move to another cloud provider anywhere as GCHQ has shown to be remarkably (frighteningly in fact) efficient (there has to be some humour in there about the government being more efficient at monitoring people than at just about anything else...) so back in house is pretty much the way to go.

I don't have anything that would interest anyone I don't think (We are a small company developing software for the renewables industry) but it's not really about the nothing to hide mantra so much as restoring some of the balance and if that costs me a bit extra so be it.


There have always been worries about hosting your data with a 3rd party, NSA hyperbole or not. This is why you follow HIPAA standards if they are applicable, or ensure AWS is compliant with a standard you need to adhere to: http://aws.amazon.com/compliance/

Your company will always have to value the risk/reward tradeoff of hosting with a 3rd party and it has nothing to do with secret courts or any other silly end of the world predictions, and has to do with the fact that your data is outside of your direct control.


> NSA hyperbole

Where is the hyperbole? http://www.theguardian.com/world/the-nsa-files

> secret courts or any other silly end of the world predictions

As far as I know this is unfortunately not a prediction: http://en.wikipedia.org/wiki/United_States_Foreign_Intellige...

You may have no problems with these things. I'm not a US citizen and these things do matter in my decision to host my data in the US. These problems are not new. The US never had a strong privacy law.

Taking all this into account, it's a hard sell for any business outside of the US to use US based cloud services. That's all I wanted to illustrate.


Yes there are FISA warrants. If you are this paranoid that your data is this sensitive you shouldn't even be thinking about keeping your data anywhere else besides your locked down datacenter that you alone have access to.

What I am stating above is, NSA revelations or not hosting your data with a 3rd party is an obviously inherent risk.


I agree they aren't productive. However, the fact that we keep hearing about it, especially from those not from the US, is informative. There is a German IT manager posting about how he'd like to use this but can't due to the NSA spying. The NSA is taking money and markets out of our hands and may cause products like this to fail.


No, there is a German IT manager posting about how he can't use it due to EU data protection laws. Nothing to do with NSA spying.

Intelligent discussion about the issues of cloud computing, including data protection laws and spying, is useful and welcome. But posts that basically boil down to "LOL NSA" are not intelligent.


Did you read his detailed response about safe harbour? I thought "it is now clear" was a direct reference to NSA. Is it not?

see here - https://news.ycombinator.com/item?id=6727500


You're right, my bad.

My overall point remains: intelligent discussion like that is great, "LOL NSA" is not.


Eternal vigilance, that is the price we pay for freedom.


Give it a few more months and it'll expire naturally. Such is the way today with our scandal-fatigue.


Amazon Windows Workspaces


It looks like the combination of TeamViewer and Virtual Machine.


I've learned to ignore all new tech offerings from Amazon - they're all US-only anyway. It's like the rest of the world doesn't exist to them.


The really big news. Excel. On. The. iPad.


Can someone give some use cases?


Looks like an exciting product with endless possibilities! This literally makes chromeOS redundant.


Actually, it's the opposite - users can buy cheap chromebooks and access virtual desktops running in AWS from them instead of buying more expensive Windows laptops.


how do I use it on my plane ride to Seattle?

or honestly, even in just the hotel?


nice try, nsa


I know that some of you guys have some issues with hosting data in US datacenters...but I have to tell you...I'm so fed up with IT. I'm actually sitting on hold with a major "all hands" issue with our IT department...

I've done this for years...maybe 20 years at this point. I can tell you this..."We" (meaning everyone in IT) don't do desktop management well AT ALL. I can't remember the last time I used a corporate baseline. They take 10 minutes to SHUTDOWN. (That's private industry...government is worse.) I don't know why users put up with it and it makes me realize why everyone hates Windows. (The average baseline literally forces it to stink like a rotting fish.) Couple that with networking guys that are useless at telling you anything other than "it's up"...IT'S ALWAYS THE FIREWALL.

Almost everyone that I work with just doesn't get how precarious their position actually is...if people don't want to use the sh!t that you work on you just might find yourself screwed at some point.

I work in IT and I would use something like this in a HEARTBEAT if it meant getting better boot times and less "what port is open" bs.

It seems to me that most people in IT actually think that the servers are more important than the people using them.

Thanks for putting up with this little rant...


What the f--k is a "corporate baseline"? If it's some sort of pre-done corporatized software stack using some nonsense like IBM Tivoli ("provides Integrated Service Management software to help manage business value of your IT infrastructure" -- sounds like something generated by http://cbsg.sourceforge.net/cgi-bin/live), that's where most of your problems lie. These are a pain in the ass for everyone -- people who have to use them and people who have to support them.

Trust your users. If you can't, educate them. If you still can't, get rid of them and hire smart people you can trust. Now you don't need fancy "desktop management".


> If you still can't, get rid of them and hire smart people you can trust.

It's hard to believe, but IT is typically not in charge of hiring and firing the rest of the company.


I work with smart people...Lots of smart people who make critical components for computers. Trust me, you still need desktop management, with corporate standard images.

By corporate baseline, I imagine it's corporate standard image with the standard loadout of software (encryption, antivirus, office, etc)


Ha! If you have a userbase of thousands of PCs, or PCs & Macs, or PCs, Macs & mobile devices, you absolutely have to have a standard operating environment, for many reasons, and if you believe otherwise you have no business commenting in this thread. You don't need to use something like Tivoli, but you do need a standard desktop image, standardized software packages and a method to provision/deprovision machines, management/reporting software, some kind of license management scheme (to prevent over-installation of commercial software, especially stuff that uses a corporate license key rather than individual keys), anti-virus and security systems, a way to force full disk encryption, a method of dealing with Patch Tuesdays, a way to push standard browser configurations or proxy .pac files, and innumerable other things.

Believe it or not, most employees' job at most companies has nothing to do with computing. They use computers to execute some other responsibilities, but the computer is a tool and all they want is for it to be as easy as possible to use, and for it to "just work".

Even if you have a BYOD policy, you still need management around it for a lot of the reasons I listed.


Your IT department isn't everyone's IT department.

Besides my own, I interact with our clients' IT departments as part of my role. They run the spectrum from dysfunctional to superior.


> Your IT department isn't everyone's IT department.

Quite true but having interacted with a number of IT shops from startups to Fortune 100 / .gov scale it's quite disturbing to think about the percentage which could accurately be described as impediments and how few even realize this.

I imagine this is similar to what it felt like to work at a US auto maker shortly before the Japanese manufacturers started rolling.


Wow...that's a really good analogy.


Moving your systems to "the cloud" won't change any of the problems you identify. It will just shift where they occur.


But it will. The "cloud" will eventually replace corporate IT departments. Most companies don't want an IT department, it's a necessary headache and cost center that they only deal with when it gets in the way.

Moving where the problems occur to a single "cloud" company that develops the expertise to solve these problems once for each of their corporate clients is a large improvement.

Companies will simply pay for cloud IT services that manage desktops, provide servers, and most importantly take care of maintenance and updates at a much cheaper total cost.


The thing is - How do you develop a standardized toolchain for work? Who decides what the tradeoffs of a particular ERP stack are, how do you integrate it with your accounting system, who controls data flow in your company? You still need people to make those decisions, and that is what corporate IT is about - it's about designing, implementing and refining processes, not really technology. The tech is a tool, not the be all end all.

I think that "cloud" will be a definite bonus to the SMB shop, and provide a wonderful amount of spare capacity to enterprise shops, but I can't foresee "the cloud" replacing in-house IT completely.


> You still need people to make those decisions, and that is what corporate IT is about - it's about designing, implementing and refining processes, not really technology. The tech is a tool, not the be all end all. I think that "cloud" will be a definite bonus to the SMB shop, and provide a wonderful amount of spare capacity to enterprise shops, but I can't foresee "the cloud" replacing in-house IT completely.

But it will replace the major costs of corporate IT - technical resources services. For example, today a large corp (let's use Gazprom as an example) will contract a big IT services company (let's use Wipro for example) to manage their servers. This specific AWS service can in theory replace a large Citrix farm. When I was internal at SAP for example, every employee had access to their very own remote windows desktop, which had the basic office software on it required to do anything they could do on their laptop. The overall idea of cloud isn't the technology, it's that it's shared services.


You can't. Every business over a certain size will still need in house people that understand their problems. All Amazon, or any cloud providers for that matter, are doing is abstracting away IT services from the bottom up.

Need a server? click a button Message queue? click. Database? click. Virtualised Desktops? clicky-clicky. Virtual Tape Drive? (I'm as surprised as you are).

You're still going to need people who need to know what each one of those things means to your business. But in-house enterprise IT today still consists of lots of people (and payroll) who put things in racks, re-image desktops, restore SQL Backups, install custom software and give the tapes to the dude in the motorcycle helmet...

In the medium term the cloud won't replace IT. It will however redefine it to the point that the 'spare capacity' that you mentioned will be seen like an amusing anachronism.


This is the big reason many of the people where I work have simply opted out of the enterprise IT offerings. They use gmail and google apps, policies be damned.


I'm looking forward to the first really big instance of ass-biteage from that. Where ubiquitous "national security" surveillance gets undeniably linked to a spectacular display of for-profit business interest or insider trading.

If I were a corporate IT/Security type, I'd have a firewall config ready and waiting for the day it becomes clear that corporate secrets (hopefully somebody else's first) are finding their way from employees' GoogleDocs into competitors' hands. I'd quite likely consider the collateral damage of blackholing every Google IP address, including search (and advertising), to be easily justifiable in the campaign to keep corporate data out of gmail/googledocs/gdrive et al.

(I wonder if that's an opening for someone like DuckDuckGo or Blekko? Become "the search engine that's still allowed from behind corporate firewalls", because you're not offering the sort of end-run-around-IT-policies email/apps/storage that Google/Yahoo/Bing all have available?)


That is on my list of things blekko should do eventually, for example we could set things up for big company networks to run all their queries through an anonymizing proxy that they control. The problem today is that Google's results (for technical queries) and search brand (for all queries) are so strong that a majority of the hypothetical big company users would revolt.

(As an aside, the possibilities for industrial espionage in your typical not-privacy-respecting search engine are staggering. Google knows what the R&D departments of every Fortune 500 company have cooking. Just look at the queries and clicks from their IP addrs. Yow.)


It happens in litigation all of the time.

People decide to do something they shouldn't do, talk about it on GMail, and some "unfortunate accident" results in the deletion of said data when litigation time comes around and it's time to preserve stuff.


> They use gmail and google apps, policies be damned

I wonder how their company's lawyer will react when presented in a courtroom with a claim that they did not hand over all of the relevant employee e-mail in discovery. Further, perhaps they would like to read some of the correspondence for the first time as presented by the other side's law team.


Goes to the gp's point: if people don't want to use the sh!t that you work on you just might find yourself screwed at some point.


I get the feeling the person not using the company approved services will also suffer in a lawsuit. The company is going to take a hit, but I bet the person screwing around will have some personal liability.


You have a people problem. Technology won't solve your people problem.


I'm a sysadmin and I write some simple database driven tools for internal use. I wish I could make the owners of the company realize this simple truth.

Just because I can make the program, doesn't mean your shitty neighbor's son will care more about his job.


at 12 seconds in the video:

"How come these virtual desktops are about as common as bacon in a vegan sunday brunch"

ha ha!


I love bacon!



