AWS Announces Digital Sovereignty Pledge (techcrunch.com) 37
AWS has announced its "AWS Digital Sovereignty Pledge." From a report: As nations across the globe introduce legislation that governs how and where businesses can keep data on their local users, the large clouds either have to offer attractive solutions or run the risk of having their customers move to local clouds. Microsoft, with Purview, and Google, with Dataplex, also offer data governance tools, but none of them have gone quite as far as AWS in making digital sovereignty a core pillar of their cloud strategy. Matt Garman, AWS's senior vice president of Sales, Marketing and Global Services, notes that giving customers control over their data has always been a priority for AWS, but with constantly shifting and evolving legal requirements, managing all of this has become increasingly complex.
"In many places around the world, like in Europe, digital sovereignty policies are evolving rapidly. Customers are facing an incredible amount of complexity, and over the last 18 months, many have told us they are concerned that they will have to choose between the full power of AWS and a feature-limited sovereign cloud solution that could hamper their ability to innovate, transform, and grow. We firmly believe that customers shouldn't have to make this choice," he writes.
Have seen Google Fail at Compute (Score:2)
Local + US (Score:1)
Amazon still would have shut down Parler even if it was siloed outside the US. As a US company it is vulnerable to US Intelligence edicts.
Re: (Score:2)
That has literally nothing to do with this.
Re: (Score:2)
He's still mad about it!
Re: (Score:3, Funny)
Parler has nothing to do with intelligence.
Re: (Score:2)
Re: (Score:2)
who would ensure Amazon would not just release data from non-US people and businesses at their whim?
Because AWS admins don't have access to the customers' data unless the customer has specifically given them access. Even if they're moving/mirroring the customer's data from one zone to another they have no idea what they're moving. This is not like Windows or Linux admins, which can access whatever they want, at AWS all they see is an encrypted blob of bits X-many bytes long. One of the data techs started
Yeah, no (Score:4, Interesting)
Anyone who has used AWS will tell you that they will do everything they can to get your data. They have literal trucks set up so they can drive to location with your data, extract it on site, drive to a nearest AWS facility and dump it there. They have systems that have been tailored to ingest data from amazing amount of potential sources so it can be moved to AWS.
But god forbid you try to leave AWS after your data has been taken there, and that became your primary data storage. If you're really lucky, you'll have to jump through insane amount of red tape to get your data out in a format that could be useful outside AWS. If you're less than really lucky, you're just stuck with AWS. There's no meaningful way to extract your data and leave with it.
Once AWS has your data, it's theirs and they'll fight you tooth and nail should you attempt to extract yourself from their services to go elsewhere. And ability to do so is literally the first among the "data sovereignty" talking points. If you can take your data with you in a useful form and go to another provider, you have no data sovereignty. You are completely captive.
My guess, this whole spiel is an attempt to deflect from the upcoming EU probe, where many smaller cloud providers specifically asked for investigation into Amazon not allowing customers control over their data so they could compete.
Re: (Score:2)
Typo correction:
>If you can take your data with you in a useful form and go to another provider, you have no data sovereignty. You are completely captive.
Should obviously state "if you can't take your data".
Re: (Score:3)
That's not really what Data Sovereignty means. It means keeping the data collected from a country's citizens and businesses inside the country of origin so it is only subject to that country's laws.
Re: (Score:1)
Re: (Score:2)
That is why I note in the final sentence that:
"this whole spiel is an attempt to deflect from the upcoming EU probe, where many smaller cloud providers specifically asked for investigation into Amazon not allowing customers control over their data so they could compete."
Uh, that's not how it works (Score:3)
It's hard to get data out of AWS because there's a lot of it.
AWS doesn't prevent you from getting your data. I'm not sure what you're smoking, but you're totally wrong.
The problem is that if you have tons of data moving it is hard. They have snowballs that you can get to move stuff on-site, but then you obviously have to work at getting the data off the snowball.
TL;DR: I don't know what the fuck this guy is talking about.
Re: (Score:2)
The fact that AWS has a system in place to get huge amounts of data into AWS quickly (ie aws snowball/snowmobile, etc), but doesn't have a system to get huge amounts of data out quickly besides the usual network stuff--which is I think what all other providers have--doesn't mean they're restricting getting data out. It just means they've made it easy to get data in.
Re:Uh, that's not how it works (Score:4, Insightful)
AWS Snowball can be used for import OR export of data to/from S3.
https://docs.aws.amazon.com/snowball/latest/ug/device-differences.html [amazon.com]
Re:Yeah, no (Score:5, Informative)
How is there no meaningful way to extract your data and leave with it? At the most basic, if you are able to query your data in any way, you can leave with it.
More advanced than that, RDS databases support replication and tools for dumping the entire database schema to a file, which you can then replay into a different database host (pgdump / pgload for postgres, mysqldump for MySQL, etc.). Shit, I once set up an open source tool that was doing selective row-based replication from an RDS host into Kafka topics, which could then be subscribed to by literally anything, including tools written to transform that data and then ingest it into a completely different database engine, basically creating a streaming ETL from postgres to MS-SQL.
Anything hosted on EC2 is even easier, because you can just create a file sharing connection (CIFS, NFS, SFTP, etc.) and egress it that way.
Anything hosted on S3 can be pulled off either using the AWS CLI, or HTTPS - if it's not a public bucket then you'll need a VPN solution into your AWS account, but if you're actually doing anything with security you probably already have that.
DynamoDB? AWS CLI has a tool for that: `aws dynamodb scan --table-name `
Redshift? There's a command specifically for dumping a query to a file on S3 [amazon.com].
If you don't know how to get your data out of AWS, then you either have never really tried, or you're just massively incompetent.
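An added example, not part of the thread or any poster's code: the `aws dynamodb scan` command mentioned above prints items in DynamoDB's typed JSON (`{"S": ...}`, `{"N": ...}`), so an export meant for another database usually has to be flattened first. The sample output is constructed, and the function names are assumptions of this example.

```python
import base64
import json
from decimal import Decimal

# Constructed sample of the JSON that `aws dynamodb scan` prints (not real data).
SAMPLE_SCAN_OUTPUT = """
{"Items": [
  {"user_id": {"S": "u-1001"}, "logins": {"N": "42"}, "active": {"BOOL": true},
   "tags": {"SS": ["eu", "beta"]},
   "profile": {"M": {"city": {"S": "Berlin"}, "scores": {"L": [{"N": "1.5"}, {"NULL": true}]}}}},
  {"user_id": {"S": "u-1002"}, "logins": {"N": "7"}, "avatar": {"B": "aGVsbG8="}}],
 "Count": 2, "ScannedCount": 2}
"""

def _number(text):
    # Numbers arrive as strings; non-integers become floats (may lose precision).
    d = Decimal(text)
    return int(d) if d == d.to_integral_value() else float(d)

def unmarshal(av):
    """Turn one typed attribute value, e.g. {"N": "42"}, into a plain value."""
    if not isinstance(av, dict) or len(av) != 1:
        raise ValueError(f"expected a single type tag, got {av!r}")
    (tag, value), = av.items()
    if tag in ("S", "BOOL"):
        return value
    if tag == "NULL":
        return None
    if tag == "N":
        return _number(value)
    if tag == "B":                      # binary arrives base64-encoded
        return base64.b64decode(value).hex()
    if tag in ("SS", "NS", "BS", "L"):  # set members are bare, list members typed
        inner = {"SS": "S", "NS": "N", "BS": "B"}.get(tag)
        return [unmarshal({inner: v} if inner else v) for v in value]
    if tag == "M":
        return {k: unmarshal(v) for k, v in value.items()}
    raise ValueError(f"unsupported type tag {tag!r}")

def export_items(scan_json):
    """Return the scanned items as plain dicts; refuse partial (paged) output."""
    doc = json.loads(scan_json)
    if "NextToken" in doc or "LastEvaluatedKey" in doc:
        raise ValueError("partial scan output: fetch the remaining pages first")
    return [{k: unmarshal(v) for k, v in item.items()} for item in doc["Items"]]

def to_json_lines(items):
    """Serialize items as newline-delimited JSON, one record per line."""
    return "\n".join(json.dumps(item, sort_keys=True) for item in items)
```

Refusing output that still carries a pagination marker keeps a one-page scan from being mistaken for a complete export.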
Can Luckyo be both? (Score:1)
If you don't know how to get your data out of AWS, then you either have never really tried, or you're just massively incompetent.
Can Luckyo be both?
Re: (Score:2)
Indeed. There are services whose expertise they get paid for very well. That expertise is how to navigate AWS labyrinthine policies and methods specifically aimed at making moving from AWS to a competitor as hard as possible.
To my understanding, that is one of the parts of the upcoming EU probe in fact.
Re: (Score:2)
That is why I said "There's no meaningful way to extract your data and leave with it." rather than the position you attacked, "there is no way to extract your data and leave with it".
You can get your data out of it. As you mention, it's really easy. Of course, it's going to be in a format that is going to be quite hard to just plug into the competing service because of how AWS manages it. It's there specifically to offer the defense of "but you can get it out!" while ensuring that you're not just easily go
Re: (Score:2)
How are SQL dumps "in a format that is going to be quite hard to just plug into the competing service" ?
How do CSV files end up being described like that?
How would files directly copied off EC2-hosted servers end up being described like that?
You are trying to make distinctions without any details, and it's all meaningless pap. Anyone that has ever worked with large databases won't have a problem with it, because you are just working with large databases using their native tools.
As I said, it's either a pro
Re: (Score:2)
AWS customers frequently have accumulated petabytes of data between the time they joined the platform and the time they might want to leave, which would in fact make it harder to leave than to join. I don't think that's what he's talking about of course, but it is a consideration that doesn't seem to occur to a lot of people when signing up. Once the DB has exceeded a certain size moving it becomes a serious issue. When we loaded the data on the AWS Snowmobile for our first Exabyte-sized migration the cust
Re: (Score:2)
Re: (Score:2)
It sounds like you had a very large amount of IT professionals focused on the task of migration. Definitionally, that's a massive difficulty hurdle compared to what it takes to migrate to AWS.
Again, I'm not saying "it's impossible". I'm saying it's intentionally made to be much, much more difficult to go one way compared to the other.
Amounts to fuck all (Score:5, Informative)
When the three letter agencies (FBI, CIA, NSA, etc.) of the U.S. come knocking, wanna take bets how long this "sovereignty" will last? There is no way a US company is going to side on the side of privacy when its corporate charter is beholden to the US's state and federal laws and risk fines (or worse.)
Re: (Score:2)
UnknownSoldier is apparently unaware that all three of the agencies he listed use AWS for their data storage in part because of the system's inherent security.
impossible to do (Score:4, Informative)
As long as Amazon is a US company they are subject to US laws which according to the US courts will apply all over the world regardless whether the hardware or site is managed not by Amazon itself but a different company that belongs to Amazon. Even if the site belongs to a totally different company, if Amazon has access to the data they are supposed to give that access to US government agencies. At least that's how I understand this.
That is incompatible with the European GDPR so: No go
Re: (Score:2)
if Amazon has access to the data
If the customer has set up their system correctly Amazon absolutely does **NOT** have access to the data. All anyone at the company sees are encrypted blobs of bits, until the customer specifically gives them access. Customers have lost/corrupted their encryption keys and tried to get Amazon to rescue their data for them, but it's a waste of time (and the company will tell them so).
Digital Sovereignty Pledge (Score:4, Funny)
Does it come with a Promise Ring?
..sociopath agencies accept laws. (Score:1)
what could (has) gone wrong?
Cloud act ? OpenStack on Debian to the rescue ! (Score:2)
Choose freedom. Choose free software. Choose a cloud powered by OpenStack, or operate it yourself (or both, in a hybrid way). It's not THAT difficult, and way cheaper in the long run.
To make it even more freedom oriented, choose OpenStack on Debian, so that you choose the least locked-in solution (Debian being the only distribution with OpenStack that will not enforce tra
Re: (Score:2)
The number of companies who have the capabilities to do that solution adequately is vanishingly small, unfortunately.