Will Amazon's Virtual Private Cloud Be Private Enough?

Amazon last night announced its Virtual Private Cloud service, essentially giving enterprise customers worried about security and control in the cloud a salve to get them to trust it. The offering provides access to Amazon’s web services through a virtual private network, which is basically a secure tunnel through the Internet from a corporate network to Amazon’s servers. It’s like having a private line to Amazon’s cloud as opposed to a party line.

The virtual part of this announcement is key. The Amazon offering isn’t a pledge to put all of your data on a physically separate system; the seclusion happens entirely at the network level, using the virtual private network. So a customer’s information in Amazon’s cloud will still share the actual servers with other companies’ data. By doing this, Amazon is trying to preserve the benefits of sharing fully utilized servers in a true cloud that can scale, but still provide enterprise customers with peace of mind that they can lock down some of that data, at least while it travels to the cloud. Amazon is trying to offer the economic benefits of cloud computing in a palatable format for businesses that are weighing whether or not they should try to build their own in-house cloud infrastructures. Amazon CTO Werner Vogels explains in his blog:

These CIOs know that what is sometimes dubbed “private cloud” does not meet their goal as it does not give them the benefits of the cloud: true elasticity and capex elimination. Virtualization and increased automation may give them some improvements in utilization, but they would still be holding the capital, and the operational cost would still be significantly higher.

With this announcement, Amazon is trying to get a jump on its competitors that are gunning for corporate customers. While many big businesses have used Amazon Web Services, most perceive it as being insufficiently secure for important or confidential data. Companies such as Microsoft, IBM and Rackspace are trying to find the right mix of scale and security for enterprise clients. Microsoft is building its own platform and infrastructure-as-a-service offering called Azure; IBM is creating several gradations of a private cloud, from something deployed inside a corporation’s own data center to a service delivered from Big Blue’s data center; and Rackspace is hoping security-minded customers use its dedicated hosting that can scale up to the Rackspace cloud.

Michael Crandell, CEO of RightScale, which provides cloud management software, tried to explain a bit more about what Amazon is trying to do with the Virtual Private Cloud, which, by the way, costs an extra 5 cents an hour per VPN:

Something that initially puzzled me is what the benefits of a VPC are when all the marketing fluff dissipates. Here is what I’ve learned. First, instances in the VPC are separated from non-VPC instances at a deeper network level than instances in different security groups or belonging to different users. As is typical, Amazon doesn’t say anything of substance about the nature of this isolation. Let’s see how soon that will have to change to actually attract enterprises… Second, instances in the VPC can seamlessly integrate into a company’s internal network routing. This is significant because it means that tools used to inventory, secure, audit, manage and access all servers in the IT infrastructure can now be brought to bear on instances in the cloud as well.

The Amazon offering is different from IBM’s and Microsoft’s efforts in that it provides access to the raw infrastructure, rather than a service. Both Microsoft and IBM, especially Big Blue, are betting that enterprises will demand services, such as IBM’s workload-specific offerings delivered from a cloud, or Microsoft’s SQL Azure, rather than access to the raw infrastructure. In the next few years, more enterprise computing jobs will shift to some of these companies, and by creating a Virtual Private Cloud offering, Amazon makes sure it stays relevant and can get a slice of the enterprise pie. The question will be whether or not businesses find Amazon’s Virtual Private Cloud private enough.