Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Technology

AWS Announces Digital Sovereignty Pledge (techcrunch.com) 37

AWS has announced its "AWS Digital Sovereignty Pledge." From a report: As nations across the globe introduce legislation that governs how and where businesses can keep data on their local users, the large clouds either have to offer attractive solutions or run the risk of having their customers move to local clouds. Microsoft, with Purview, and Google, with Dataplex, also offer data governance tools, but none of them have gone quite as far as AWS in making digital sovereignty a core pillar of their cloud strategy. Matt Garman, AWS's senior vice president of Sales, Marketing and Global Services, notes that giving customers control over their data has always been a priority for AWS, but with constantly shifting and evolving legal requirements, managing all of this has become increasingly complex.

"In many places around the world, like in Europe, digital sovereignty policies are evolving rapidly. Customers are facing an incredible amount of complexity, and over the last 18 months, many have told us they are concerned that they will have to choose between the full power of AWS and a feature-limited sovereign cloud solution that could hamper their ability to innovate, transform, and grow. We firmly believe that customers shouldn't have to make this choice," he writes.

This discussion has been archived. No new comments can be posted.

AWS Announces Digital Sovereignty Pledge

Comments Filter:
  • No, not good for HFSS crunching. They are used to load-sharing/leveling, but it doesn't work for everything.
  • Amazon still would have shutdown Parler even if it was siloed outside the US. As a US company it is vulnerable to US Intelligence edicts.

    • That has literally nothing to do with this.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      Parler has nothing to do with intelligence.

    • This is exactly why governments anywhere else should avoid AWS as much as possible. After all Snowden/Wikileaks stuff, who would ensure Amazon would not just release data from non-US people and businesses at their whim?
      • by cusco ( 717999 )

        who would ensure Amazon would not just release data from non-US people and businesses at their whim?

        Because AWS admins don't have access to the customers' data unless the customer has specifically given them access. Even if they're moving/mirroring the customer's data from one zone to another they have no idea what they're moving. This is not like Windows or Linux admins, which can access whatever they want, at AWS all they see is an encrypted blob of bits X-many bytes long. One of the data techs started

  • Yeah, no (Score:4, Interesting)

    by Luckyo ( 1726890 ) on Tuesday November 29, 2022 @11:15AM (#63088628)

    Anyone who has used AWS will tell you that they will do everything they can do get you data. They have literal trucks set up so they can drive to location with your data, extract it on site, drive to a nearest AWS facility and dump it there. They have systems that have been tailored to ingest data from amazing amount of potential sources so it can be moved to AWS.

    But god forbid you try to leave AWS after your data has been taken there, and that became your primary data storage. If you're really lucky, you'll have to jump through insane amount of red tape to get your data out in a format that could be useful outside AWS. If you're less than really lucky, you're just stuck with AWS. There's no meaningful way to extract your data and leave with it.

    Once AWS has your data, it's theirs and they'll fight you tooth and nail should you attempt to extract yourself from their services to go elsewhere. And ability to do so is literally the first among the "data sovereignty" talking points. If you can take your data with you in a useful form and go to another provider, you have no data sovereignty. You are completely captive.

    My guess, this whole spiel is an attempt to deflect from the upcoming EU probe, where many smaller cloud providers specifically asked for investigation into Amazon not allowing customers control over their data so they could compete.

    • by Luckyo ( 1726890 )

      Typo correction:

      >If you can take your data with you in a useful form and go to another provider, you have no data sovereignty. You are completely captive.

      Should obviously state "if you can't take your data".

      • That's not really what Data Sovereignty means. It means keeping the data collected from a country's citizens and businesses inside the country of origin so it is only subject to that country's laws.

        • AWS is an _American_ company, subject to America's Laws and whims. After all Wikileaks/Snowden conundrum, I would avoid as much as possible AWS, specially for sensitive data, even more if I'm a gov or something linked to
        • by Luckyo ( 1726890 )

          That is why I note in the final sentence that:

          "this whole spiel is an attempt to deflect from the upcoming EU probe, where many smaller cloud providers specifically asked for investigation into Amazon not allowing customers control over their data so they could compete."

    • It's hard to get data out of AWS because there's a lot of it.

      AWS doesn't prevent you from getting your data. I'm not sure what you're smoking, but you're totally wrong.

      The problem is that if you have tons of data moving it is hard. They have snowballs that you can get to move stuff on-site, but then you obviously have to work at getting the data off the snowball.

      TL;DR: I don't know what the fuck this guy is talking about.

    • Re:Yeah, no (Score:5, Informative)

      by MachineShedFred ( 621896 ) on Tuesday November 29, 2022 @11:52AM (#63088756) Journal

      How is there no meaningful way to extract your data and leave with it? At the most basic, if you are able to query your data in any way, you can leave with it.

      More advanced than that, RDS databases support replication and tools for dumping the entire database schema to a file, which you can then replay into a different database host (pgdump / pgload for postgres, mysqldump for MySQL, etc.). Shit, I once set up an open source tool that was doing selective row-based replication from an RDS host into Kafka topics, which could then be subscribed to by literally anything, including tools written to transform that data and then ingest it into a completely different database engine, basically creating a streaming ETL from postgres to MS-SQL.

      Anything hosted on EC2 is even easier, because you can just create a file sharing connection (CIFS, NFS, SFTP, etc.) and egress it that way.

      Anything hosted on S3 can be pulled off either using the AWS CLI, or HTTPS - if it's not a public bucket then you'll need a VPN solution into your AWS account, but if you're actually doing anything with security you probably already have that.

      DynamoDB? AWS CLI has a tool for that: `aws dynamodb scan --table-name `

      Redshift? There's a command specifically for dumping a query to a file on S3 [amazon.com].

      If you don't know how to get your data out of AWS, then you either have never really tried, or you're just massively incompetent.

      • by Anonymous Coward

        If you don't know how to get your data out of AWS, then you either have never really tried, or you're just massively incompetent.

        Can Luckyo be both?

      • by Luckyo ( 1726890 )

        That is why I said "There's no meaningful way to extract your data and leave with it." rather than the position you attacked, "there is not way to extract your data and leave wit hit".

        You can get your data out if it. As you mention, it's really easy. Of course, it's going to be in a format that is going to be quite hard to just plug into the competing service because of how AWS manages it. It's there specifically to offer the defense of "but you can get it out!" while ensuring that you're not just easily go

        • How are SQL dumps "in a format that is going to be quite hard to just plug into the competing service" ?
          How do CSV files end up being described like that?
          How would files directly copied off EC2-hosted servers end up being described like that?

          You are trying to make distinctions without any details, and it's all meaningless pap. Anyone that has ever worked with large databases won't have a problem with it, because you are just working with large databases using their native tools.

          As I said, it's either a pro

      • by cusco ( 717999 )

        AWS customers frequently have accumulated petabytes of data between the time they joined the platform and the time they might want to leave, which would in fact make it harder to leave than to join. I don't think that's what he talking about of course, but it is a consideration that doesn't seem to occur to a lot of people when signing up. Once the DB has exceeded a certain size moving it becomes a serious issue. When we loaded the data on the AWS Snowmobile for our first Exabyte-sized migration the cust

    • Comment removed based on user account deletion
      • by Luckyo ( 1726890 )

        It sounds like you had a very large amount of IT professionals focused on the task of migration. Definitionally, that's a massive difficulty hurdle compared to what it takes for migrate to AWS.

        Again, I'm not saying "it's impossible". I'm saying it's intentionally made to be much, much more difficult to go one way compared to the other.

  • Amounts to fuck all (Score:5, Informative)

    by UnknownSoldier ( 67820 ) on Tuesday November 29, 2022 @11:15AM (#63088632)

    When the three letter agencies (FBI, CIA, NSA, etc.) of the U.S. come knocking wanna take bets how long this "sovereignty" will last? There is no way a US company is going to side on the side of privacy when its corporate charter is beholden to the US.' state and federal laws and risk fines (or worse.)

  • impossible to do (Score:4, Informative)

    by twms2h ( 473383 ) on Tuesday November 29, 2022 @11:17AM (#63088644) Homepage

    As long as Amazon is a US company they are subject to US laws which according to the US courts will apply all over the world regardless whether the hardware or site is managed not by Amazon itself but a different company that belongs to Amazon. Even if the site belongs to a totally different company, if Amazon has access to the data they are supposed to give that access to US government agencies. At least that's how I understand this.

    That is incompatible with the European GDPR so: No go

    • by cusco ( 717999 )

      if Amazon has access to the data

      If the customer has set up their system correctly Amazon absolutely does **NOT** have access to the data. All anyone at the company sees are encrypted blobs of bits, until the customer specifically gives them access. Customers have lost/corrupted their encryption keys and tried to get Amazon to rescue their data for them, but it's a waste of time (and the company will tell them so).

  • by 93 Escort Wagon ( 326346 ) on Tuesday November 29, 2022 @11:37AM (#63088718)

    Does it come with a Promise Ring?

  • what could (has) gone wrong?

  • The biggest problem is the cloud act. Because AWS is from the USA, it cannot get itself out of it. Everything else is just bullshit.

    Choose freedom. Choose free software. Choose a cloud powered by OpenStack, or operate it yourself (or both, in a hybrid way). It's not THAT difficult, and a way cheaper in the long run.

    To make it even more freedom oriented, choose OpenStack on Debian, so that you choose the least locked-in solution (Debian being the only distribution with OpenStack that will not enforce tra
    • by cusco ( 717999 )

      The number of companies who have the capabilities to do that solution adequately is vanishingly small, unfortunately.

Avoid strange women and temporary variables.

Working...