Difference between revisions of "Amazon Web Services"

From LIMSWiki
(→‎Provider research: Chapter number)
m (Text replacement - "Core Informatics, LLC" to "Core Informatics, LLC")
 
(10 intermediate revisions by the same user not shown)
Line 21: Line 21:
| products        = [[Infrastructure as a service|IaaS]], [[Platform as a service|PaaS]], [[Database as a service|DBaaS]], [[Desktop virtualization#Desktop as a service|DaaS]]
| products        = [[Infrastructure as a service|IaaS]], [[Platform as a service|PaaS]], [[Database as a service|DBaaS]], [[Desktop virtualization#Desktop as a service|DaaS]]
| services        =  
| services        =  
| revenue          = $12.7 billion (2020, Q4)<ref name="NovetAmazon21">{{cite web |url=https://www.cnbc.com/2021/02/02/aws-earnings-q4-2020.html |title=Amazon’s cloud division reports 28% revenue growth; AWS head Andy Jassy to succeed Bezos as Amazon CEO |author=Novet, J. |work=CNBC |date=02 February 2021 |accessdate=25 April 2021}}</ref>
| revenue          = $21.35 billion (2023 Q1)<ref name="NovetAmazon21">{{cite web |url=https://www.cnbc.com/2023/04/27/aws-q1-earnings-report-2023.html |title=Amazon’s 16% cloud revenue growth impresses even as margin narrows |author=Novet, J. |work=CNBC |date=27 April 2023 |accessdate=28 July 2023}}</ref>
| operating_income =  
| operating_income =  
| net_income      =  
| net_income      =  
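Review bot: The new revenue citation keeps the ref name "NovetAmazon21" although it now points to the CNBC article dated 27 April 2023, so the name no longer matches the source it labels. Rename it to follow the author/title/year pattern used by the other refs (for example "NovetAmazon23"), and update any other use of the old name in the article. The value format also changed from "(2020, Q4)" to "(2023 Q1)"; pick one punctuation style for the period.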
Line 37: Line 37:
}}
}}


'''Amazon Web Services''' ( also known as '''AWS''') is an American [[cloud computing]] company that provides public, private, hybrid, and multicloud solutions to enterprises, organizations, governments, and individuals. AWS more than 200 data centers distributed in various locations around the world, with Africa and South America the least represented.<ref name="AWSGlobal">{{cite web |url=https://aws.amazon.com/about-aws/global-infrastructure/ |title=Global Infrastructure |publisher=Amazon Web Services |accessdate=25 April 2021}}</ref> The company provides more than 100 different products and services representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, cloud communication, [[data analysis]], media management, container and [[middleware]] management, developer support, scientific computing, [[internet of things]], and virtual and augmented reality.<ref name="AWSSolutionsLib">{{cite web |url=https://aws.amazon.com/solutions/ |title=AWS Solutions Library |publisher=Amazon Web Services |accessdate=25 April 2021}}</ref>
'''Amazon Web Services''' ( also known as '''AWS''') is an American [[cloud computing]] company that provides public, private, hybrid, and multicloud solutions to enterprises, organizations, governments, and individuals. AWS has more than 120 data centers distributed in various locations around the world, with Africa and South America the least represented.<ref name="AWSGlobal">{{cite web |url=https://aws.amazon.com/about-aws/global-infrastructure/ |title=Global Infrastructure |publisher=Amazon Web Services |accessdate=28 July 2023}}</ref><ref name="ZhangAmazon22">{{cite web |url=https://dgtlinfra.com/amazon-web-services-aws-data-center-locations/ |title=Amazon Web Services (AWS) Data Center Locations: Regions and Availability Zones |author=Zhang, M. |work=Dgtl Infra |date=15 June 2022 |accessdate=28 July 2023}}</ref> The company provides more than 200 different products and services representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, cloud communication, [[data analysis]], media management, container and [[middleware]] management, developer support, scientific computing, [[internet of things]], and virtual and augmented reality.<ref name="AWSGlobal" /><ref name="AWSSolutionsLib">{{cite web |url=https://aws.amazon.com/solutions/ |title=AWS Solutions Library |publisher=Amazon Web Services |accessdate=28 July 2023}}</ref>


==Provider research==
==Provider research==
This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide ''[[LII:Choosing and Implementing a Cloud-based Service for your Laboratory|Choosing and Implementing a Cloud-based Service for your Laboratory]]''. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.
This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide ''[[LII:Choosing and Implementing a Cloud-based Service for Your Laboratory|Choosing and Implementing a Cloud-based Service for Your Laboratory]]''. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.




1. '''What experience do you have working with laboratory customers in our specific industry?'''
1. '''What experience do you have working with laboratory customers in our specific industry?'''


Examples of [[Laboratory|labs]] that have worked with AWS include Glidewell Laboratories<ref name="AWSGlidewell17">{{cite web |url=https://www.qlik.com/us/-/media/files/resource-library/global-us/direct/case-studies/cs-glidewell-laboratories-qlik-and-amazon-case-study-en.pdf |format=PDF |title=Glidewell Laboratories Gains Deeper Data Insights Faster with Amazon Redshift and Attunity |publisher=Amazon Web Services |date=2017 |accessdate=25 April 2021}}</ref>, Merck Research Laboratories<ref name="AWSDataEx">{{cite web |url=https://aws.amazon.com/data-exchange/ |title=AWS Data Exchange |publisher=Amazon Web Services |accessdate=25 April 2021}}</ref>, National Renewable Energy Laboratory<ref name="AWSNational14">{{cite web |url=https://aws.amazon.com/solutions/case-studies/core-informatics/ |title=National Renewable Energy Laboratory’s OpenEI.org Case Study |publisher=Amazon Web Services |date=2014 |accessdate=25 April 2021}}</ref>, and the upcoming Innovation Lab.<ref name="OzdemirPfizer20">{{cite web |url=https://interestingengineering.com/pfizer-amazon-and-astrazeneca-team-up-to-build-laboratory-in-israel |title=Pfizer, Amazon, and AstraZeneca Team Up To Build Laboratory in Israel |author=Ozdemir, D. |work=Interesting Engineering |date=29 December 2020 |accessdate=25 April 2021}}</ref> Additionally, an AWS article titled "[https://aws.amazon.com/blogs/industries/building-the-foundation-for-lab-of-the-future-using-aws/ Building the foundation for Lab of the Future using AWS]" published in 2019 provides some insight into what a laboratory integrated with AWS cloud offerings might look like.<ref name="CokerBuild19">{{cite web |url=https://aws.amazon.com/blogs/industries/building-the-foundation-for-lab-of-the-future-using-aws/ |title=Building the foundation for Lab of the Future using AWS |author=Coker, S.; Atnoor, D.; Buckner, P. 
|work=AWS for Industries |publisher=Amazon Web Services |date=11 September 2019 |accessdate=25 April 2021}}</ref> It's also worth noting that numerous [[laboratory information management system]] (LIMS) and [[laboratory information system]] (LIS) developers have offered their solution on AWS over the years, including [[Abbott Informatics Corporation]]<ref name="AbbotCloud">{{cite web |url=https://www.informatics.abbott/us/en/offerings/cloud-services |title=Cloud Services |publisher=Abbot Informatics Corporation |accessdate=25 April 2021}}</ref>, [[Core Informatics, LLC]]<ref name="AWSCore17">{{cite web |url=https://aws.amazon.com/solutions/case-studies/core-informatics/ |title=Core Informatics Case Study |publisher=Amazon Web Services |date=2017 |accessdate=25 April 2021}}</ref>, [[LabLynx, Inc.]]<ref name="LLXCloud">{{cite web |url=https://www.lablynx.com/cloud-hosting/ |title=Cloud Hosting |publisher=LabLynx, Inc |accessdate=25 April 2021}}</ref>, [[Orchard Software Corporation]]<ref name="OrchardAnnounce20">{{cite web |url=https://www.orchardsoft.com/press_release/orchard-announces-amazon-web-servicebased-cloud-services-solution-for-its-orchard-harvest-customers/ |title=Orchard Announces Amazon Web Service–based Cloud Services Solution for Its Orchard Harvest Customers |publisher=Orchard Software Corporation |date=05 October 2020 |accessdate=25 April 2021}}</ref>, [[PD Evidence, LLC]]<ref name="AWSPDEv18">{{cite web |url=https://aws.amazon.com/solutions/case-studies/pdevidence/ |title=PDEvidence Helps Solve Crimes Faster Using Automated AWS-Based System |publisher=Amazon Web Services |date=2018 |accessdate=25 April 2021}}</ref>, and [[Thermo Scientific]].<ref name="HallNew20">{{cite web |url=https://www.rdworldonline.com/new-deployment-model-optimizes-lims-implementation-in-the-amazon-web-services-cloud/ |title=New deployment model optimizes LIMS implementation in the Amazon Web Services Cloud |author=Hall, H. 
|work=R&D World |date=04 August 2020 |accessdate=25 April 2021}}</ref> An AWS representative is likely to be able to supply more examples of laboratories and [[laboratory informatics]] developers that use or have used AWS.
Examples of [[Laboratory|labs]] that have worked with AWS include Glidewell Laboratories<ref name="AWSGlidewell17">{{cite web |url=https://www.qlik.com/us/-/media/files/resource-library/global-us/direct/case-studies/cs-glidewell-laboratories-qlik-and-amazon-case-study-en.pdf |archiveurl=https://web.archive.org/web/20210924151843/https://www.qlik.com/us/-/media/files/resource-library/global-us/direct/case-studies/cs-glidewell-laboratories-qlik-and-amazon-case-study-en.pdf |format=PDF |title=Glidewell Laboratories Gains Deeper Data Insights Faster with Amazon Redshift and Attunity |publisher=Amazon Web Services |date=2017 |archivedate=24 September 2021 |accessdate=28 July 2023}}</ref>, Merck Research Laboratories<ref name="AWSDataEx">{{cite web |url=https://aws.amazon.com/data-exchange/ |archiveurl=https://web.archive.org/web/20210425134409/https://aws.amazon.com/data-exchange/ |title=AWS Data Exchange |publisher=Amazon Web Services |archivedate=28 July 2023 |accessdate=28 July 2023}}</ref>, National Renewable Energy Laboratory<ref name="AWSNational14">{{cite web |url=https://aws.amazon.com/solutions/case-studies/openei/ |title=National Renewable Energy Laboratory’s OpenEI.org Case Study |publisher=Amazon Web Services |date=2014 |accessdate=28 July 2023}}</ref>, and the Innovation Lab.<ref name="OzdemirPfizer20">{{cite web |url=https://interestingengineering.com/pfizer-amazon-and-astrazeneca-team-up-to-build-laboratory-in-israel |title=Pfizer, Amazon, and AstraZeneca Team Up To Build Laboratory in Israel |author=Ozdemir, D. 
|work=Interesting Engineering |date=29 December 2020 |accessdate=28 July 2023}}</ref> Additionally, an AWS article titled "[https://aws.amazon.com/blogs/industries/building-the-foundation-for-lab-of-the-future-using-aws/ Building the foundation for Lab of the Future using AWS]" published in 2019 provides some insight into what a laboratory integrated with AWS cloud offerings might look like.<ref name="CokerBuild19">{{cite web |url=https://aws.amazon.com/blogs/industries/building-the-foundation-for-lab-of-the-future-using-aws/ |title=Building the foundation for Lab of the Future using AWS |author=Coker, S.; Atnoor, D.; Buckner, P. |work=AWS for Industries |publisher=Amazon Web Services |date=11 September 2019 |accessdate=28 July 2023}}</ref> It's also worth noting that numerous [[laboratory information management system]] (LIMS) and [[laboratory information system]] (LIS) developers have offered their solution on AWS over the years, including [[Vendor:STARLIMS Corporation|STARLIMS Corporation]]<ref name="AbbotCloud">{{cite web |url=https://www.starlims.com/offerings/cloud-services/ |title=Cloud Services |publisher=STARLIMS Corporation |accessdate=28 July 2023}}</ref>, [[Vendor:Core Informatics, LLC|Core Informatics, LLC]]<ref name="AWSCore17">{{cite web |url=https://aws.amazon.com/solutions/case-studies/core-informatics/ |archiveurl=https://web.archive.org/web/20170507183040/https://aws.amazon.com/solutions/case-studies/core-informatics/ |title=Core Informatics Case Study |publisher=Amazon Web Services |date=2017 |archivedate=07 May 2017 |accessdate=28 July 2023}}</ref>, [[Vendor:LabLynx, Inc.|LabLynx, Inc.]]<ref name="LLXCloud">{{cite web |url=https://www.lablynx.com/news-events/securing-your-lims-in-the-cloud/ |title=Securing Your LIMS in the Cloud |author=Casper, C. 
|publisher=LabLynx, Inc |accessdate=28 July 2023}}</ref>, [[Vendor:Orchard Software Corporation|Orchard Software Corporation]]<ref name="OrchardAnnounce20">{{cite web |url=https://www.orchardsoft.com/press_release/orchard-announces-amazon-web-servicebased-cloud-services-solution-for-its-orchard-harvest-customers/ |title=Orchard Announces Amazon Web Service–based Cloud Services Solution for Its Orchard Harvest Customers |publisher=Orchard Software Corporation |date=05 October 2020 |accessdate=28 July 2023}}</ref>, [[PD Evidence, LLC]]<ref name="AWSPDEv18">{{cite web |url=https://aws.amazon.com/solutions/case-studies/pdevidence/ |title=PDEvidence Helps Solve Crimes Faster Using Automated AWS-Based System |publisher=Amazon Web Services |date=2018 |accessdate=28 July 2023}}</ref>, and [[Vendor:Thermo Scientific|Thermo Scientific]].<ref name="HallNew20">{{cite web |url=https://www.rdworldonline.com/new-deployment-model-optimizes-lims-implementation-in-the-amazon-web-services-cloud/ |title=New deployment model optimizes LIMS implementation in the Amazon Web Services Cloud |author=Hall, H. |work=R&D World |date=04 August 2020 |accessdate=28 July 2023}}</ref> An AWS representative is likely to be able to supply more examples of laboratories and [[laboratory informatics]] developers that use or have used AWS.




2. '''Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?'''
2. '''Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?'''


It will ultimately be up to your organization to get an answer tailored to your systems and business processes. However, this much can be said about AWS integrations. AWS offers a variety of Application Integration services, described as "a suite of services that enable communication between decoupled components within microservices, distributed systems, and serverless applications."<ref name="AWSApplication">{{cite web |url=https://aws.amazon.com/products/application-integration/ |title=Application Integration on AWS |publisher=Amazon Web Services |accessdate=25 April 2021}}</ref> This includes management for [[application programming interface]]s, event-driven architectures, messaging, data flows, and serverless [[workflow]]s.<ref name="AWSApplication" /> Additionally, AWS applies a variety of techniques to integrate with existing on-premises system, including AWS Outposts<ref name="AWSOutposts">{{cite web |url=https://aws.amazon.com/outposts/ |title=AWS Outposts |publisher=Amazon Web Services |accessdate=25 April 2021}}</ref>, as well as the combination of AWS DataSync with File Gateway.<ref name="RajamaniFrom20">{{cite web |url=https://aws.amazon.com/blogs/storage/from-on-premises-to-aws-hybrid-cloud-architecture-for-network-file-shares/ |title=From on premises to AWS: Hybrid-cloud architecture for network file shares |author=Rajamani, S.; Bartley, J. |work=AWS Storage Blog |publisher=Amazon Web Services |date=27 November 2020 |accessdate=25 April 2021}}</ref> Another document worth examining is AWS' eBook on [https://pages.awscloud.com/rs/112-TZM-766/images/Building-Your-Hybrid-Cloud-Strategy-eBook.pdf building a hybrid cloud strategy].
It will ultimately be up to your organization to get an answer tailored to your systems and business processes. However, this much can be said about AWS integrations. AWS offers a variety of Application Integration services, described as "a suite of services that enable communication between decoupled components within microservices, distributed systems, and serverless applications."<ref name="AWSApplication">{{cite web |url=https://aws.amazon.com/products/application-integration/ |title=Application Integration on AWS |publisher=Amazon Web Services |accessdate=28 July 2023}}</ref> This includes management for [[application programming interface]]s, event-driven architectures, messaging, data flows, and serverless [[workflow]]s.<ref name="AWSApplication" /> Additionally, AWS applies a variety of techniques to integrate with existing on-premises system, including AWS Outposts<ref name="AWSOutposts">{{cite web |url=https://aws.amazon.com/outposts/ |title=AWS Outposts |publisher=Amazon Web Services |accessdate=28 July 2023}}</ref>, as well as the combination of AWS DataSync with File Gateway.<ref name="RajamaniFrom20">{{cite web |url=https://aws.amazon.com/blogs/storage/from-on-premises-to-aws-hybrid-cloud-architecture-for-network-file-shares/ |title=From on premises to AWS: Hybrid-cloud architecture for network file shares |author=Rajamani, S.; Bartley, J. |work=AWS Storage Blog |publisher=Amazon Web Services |date=27 November 2020 |accessdate=28 July 2023}}</ref> Another document worth examining is AWS' eBook on [https://pages.awscloud.com/rs/112-TZM-766/images/Building-Your-Hybrid-Cloud-Strategy-eBook.pdf building a hybrid cloud strategy].




3. '''What is the average total historical downtime for the service(s) we're interested in?'''
3. '''What is the average total historical downtime for the service(s) we're interested in?'''


You'll largely have to ask this of AWS and see what response they give you. That said, third parties like StatusGator have been [https://statusgator.com/services/amazon-web-services monitoring AWS downtime] for years and make for one possible option to assess the types of historical downtime AWS has seen. Historically, AWS outages have garnered a number of headlines over the years, pretty much every year since at least 2011.<ref name="RIQTop">{{cite web |url=https://www.readitquik.com/articles/cloud-3/top-7-aws-outages-that-wreaked-havoc/ |title=Top 7 AWS Outages That Wreaked Havoc |author=RIQ News Desk |work=ReadITQuik |accessdate=25 April 2021}}</ref><ref name="SwearingenWhen18">{{cite web |url=https://nymag.com/intelligencer/2018/03/when-amazon-web-services-goes-down-so-does-a-lot-of-the-web.html |title=When Amazon Web Services Goes Down, So Does a Lot of the Web |author=Swearingen, J. |work=Intelligencer |date=02 March 2018 |accessdate=25 April 2021}}</ref><ref name="MaloneBusinesses20">{{cite web |url=https://www.ciodive.com/news/aws-outage-cloud-recovery-interoperability/589844/ |title=Businesses can avoid cloud provider downtime with redundancy — but at what cost? |author=Malone, K. |work=CIODive |date=30 November 2020 |accessdate=25 April 2021}}</ref> One must keep in mind, however, that these reported outages affect only certain regions or services, not the entirety of AWS. Which is why it's important to get numbers from an AWS representative about, realistically, what sort of outage you should expect for your specific services, keeping in mind how AWS measures uptime percentages in its service agreements.<ref name="AWSAmazonSLA20">{{cite web |url=https://aws.amazon.com/compute/sla/ |title=Amazon Compute Service Level Agreement |publisher=Amazon Web Services |date=22 July 2020 |accessdate=25 April 2021}}</ref>
You'll largely have to ask this of AWS and see what response they give you. That said, third parties like StatusGator have been [https://statusgator.com/services/amazon-web-services monitoring AWS downtime] for years and make for one possible option to assess the types of historical downtime AWS has seen. Historically, AWS outages have garnered a number of headlines over the years, pretty much every year since at least 2011.<ref name="RIQTop">{{cite web |url=https://www.readitquik.com/articles/cloud-3/top-7-aws-outages-that-wreaked-havoc/ |title=Top 7 AWS Outages That Wreaked Havoc |author=RIQ News Desk |work=ReadITQuik |accessdate=28 July 2023}}</ref><ref name="SwearingenWhen18">{{cite web |url=https://nymag.com/intelligencer/2018/03/when-amazon-web-services-goes-down-so-does-a-lot-of-the-web.html |title=When Amazon Web Services Goes Down, So Does a Lot of the Web |author=Swearingen, J. |work=Intelligencer |date=02 March 2018 |accessdate=28 July 2023}}</ref><ref name="MaloneBusinesses20">{{cite web |url=https://www.ciodive.com/news/aws-outage-cloud-recovery-interoperability/589844/ |title=Businesses can avoid cloud provider downtime with redundancy — but at what cost? |author=Malone, K. |work=CIODive |date=30 November 2020 |accessdate=28 July 2023}}</ref> One must keep in mind, however, that these reported outages affect only certain regions or services, not the entirety of AWS. Which is why it's important to get numbers from an AWS representative about, realistically, what sort of outage you should expect for your specific services, keeping in mind how AWS measures uptime percentages in its service agreements.<ref name="AWSAmazonSLA20">{{cite web |url=https://aws.amazon.com/compute/sla/ |title=Amazon Compute Service Level Agreement |publisher=Amazon Web Services |date=25 May 2022 |accessdate=28 July 2023}}</ref>




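Review bot: In the revised "AWSDataEx" citation, archivedate is set to 28 July 2023 while the archiveurl snapshot is web.archive.org/web/20210425134409/..., so the archive date should read 25 April 2021 to match the snapshot that is actually linked. Two smaller points in the same hunk: the ref name "AbbotCloud" is kept although the citation's publisher is now STARLIMS Corporation, and the lead sentence still carries the stray space in "( also known as". The LabLynx citation was also swapped from the "Cloud Hosting" page to the article "Securing Your LIMS in the Cloud"; confirm that article supports the claim that LabLynx offers its solution on AWS.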
Line 65: Line 65:
5. '''Where are your servers located, and how is data securely transferred to and from those servers?'''
5. '''Where are your servers located, and how is data securely transferred to and from those servers?'''


AWS has 80 Availability Zones, each with one or more discrete data centers, with 15 more Availability Zones planned (as of April 2021).<ref name="AWSGlobal" /> These zones are distributed in various locations around the world, with Africa and South America the least represented. AWS uses its content delivery network Amazon Cloudfront, which "securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment." Security capabilities for Cloudfront include field-level encryption, HTTPS, and multiple other layers of Amazon protection.<ref name="AWSCloudfront">{{cite web |url=https://aws.amazon.com/cloudfront/ |title=Amazon Cloudfront |publisher=Amazon Web Services |accessdate=25 April 2021}}</ref> When moving data to and from on-premises and AWS systems, AWS provides AWS DataSync, which ensures "end-to-end security, including encryption and integrity validation, to ensure your data arrives securely, intact, and ready to use."<ref name="AWSDataSync">{{cite web |url=https://aws.amazon.com/datasync/ |title=AWS DataSync |publisher=Amazon Web Services |accessdate=25 April 2021}}</ref> Data in motion is encrypted using a trimmed-down version of Transport Layer Security (TLS) called s2n, designed "to provide you with network encryption that is easier to understand and that is fully auditable."<ref name="BeerTheImport20">{{cite web |url=https://aws.amazon.com/blogs/security/importance-of-encryption-and-how-aws-can-help |title=The importance of encryption and how AWS can help |author=Beer, K. |work=AWS Security Blog |date=11 June 2020 |accessdate=25 April 2021}}</ref> Other protections are in place as well, as seen in the [https://wa.aws.amazon.com/wat.question.SEC_9.en.html security portion] of AWS' Well-Architected Framework. 
As for data localization and residency requirements, an [https://d1.awsstatic.com/product-marketing/Outposts/AWS%20Outposts%20Data%20Residency%20eBook.pdf AWS eBook on the topic] addresses some elements of this topic, largely in the scope of Amazon Outposts; discuss the topic further with an AWS representative.
AWS has 80 Availability Zones, each with one or more discrete data centers, with 15 more Availability Zones planned (as of April 2021).<ref name="AWSGlobal" /> These zones are distributed in various locations around the world, with Africa and South America the least represented. AWS uses its content delivery network Amazon Cloudfront, which can "securely deliver content with low latency and high transfer speeds." Security capabilities for Cloudfront include field-level encryption, HTTPS, and multiple other layers of Amazon protection.<ref name="AWSCloudfront">{{cite web |url=https://aws.amazon.com/cloudfront/ |title=Amazon Cloudfront |publisher=Amazon Web Services |accessdate=28 July 2023}}</ref> When moving data to and from on-premises and AWS systems, AWS provides AWS DataSync, which ensures "end-to-end security, including data encryption and data integrity validation" to "simplify and accelerate secure data migrations."<ref name="AWSDataSync">{{cite web |url=https://aws.amazon.com/datasync/ |title=AWS DataSync |publisher=Amazon Web Services |accessdate=28 July 2023}}</ref> Data in motion is encrypted using a trimmed-down version of Transport Layer Security (TLS) called s2n, designed "to provide you with network encryption that is easier to understand and that is fully auditable."<ref name="BeerTheImport20">{{cite web |url=https://aws.amazon.com/blogs/security/importance-of-encryption-and-how-aws-can-help/ |title=The importance of encryption and how AWS can help |author=Beer, K. |work=AWS Security Blog |date=11 June 2020 |accessdate=28 July 2023}}</ref> Other protections are in place as well, as seen in the [https://wa.aws.amazon.com/wat.question.SEC_9.en.html security portion] of AWS' Well-Architected Framework. 
As for data localization and residency requirements, an [https://d1.awsstatic.com/product-marketing/Outposts/AWS%20Outposts%20Data%20Residency%20eBook.pdf AWS eBook on the topic] addresses some elements of this topic, largely in the scope of Amazon Outposts; discuss the topic further with an AWS representative.




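Review bot: The opening sentence of answer 5 still states "80 Availability Zones ... with 15 more Availability Zones planned (as of April 2021)" while the CloudFront and DataSync quotations and the access dates in the same paragraph were refreshed to 28 July 2023. Either update the zone counts from the "AWSGlobal" source as accessed in 2023 or leave the figure out, since the revised lead now cites a different data center count. The new CloudFront quotation is shorter than the one it replaces; check that the quoted wording is verbatim from the cited page as accessed on the new date.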
Line 80: Line 80:
8. '''How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)'''
8. '''How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)'''


Like [[Alibaba Cloud|Alibaba]], AWS have moved past a paradigm of physical separation of data pools. In 2020, writing for AWS, Hyun and Anderson updated [https://aws.amazon.com/blogs/security/logical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era/ their whitepaper] on logical separation on AWS, addressing how "identity management, network security, serverless and containers services, host and instance features, logging, and encryption" can fill the same shoes as physical separation, while also providing a U.S. Department of Defense use case that highlights logical separation as meeting physical separation intent.<ref name="HyunLogical20">{{cite web |url=https://aws.amazon.com/blogs/security/logical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era/ |title=Logical separation: Moving beyond physical isolation in the cloud computing era |author=Hyun, M.; Anderson, T. |work=AWS Security Blog |date=29 July 2020 |accessdate=25 April 2021}}</ref>
Like [[Alibaba Cloud|Alibaba]], AWS have moved past a paradigm of physical separation of data pools. In 2020, writing for AWS, Hyun and Anderson updated [https://aws.amazon.com/blogs/security/logical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era/ their whitepaper] on logical separation on AWS, addressing how "identity management, network security, serverless and containers services, host and instance features, logging, and encryption" can fill the same shoes as physical separation, while also providing a U.S. Department of Defense use case that highlights logical separation as meeting physical separation intent.<ref name="HyunLogical20">{{cite web |url=https://aws.amazon.com/blogs/security/logical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era/ |title=Logical separation: Moving beyond physical isolation in the cloud computing era |author=Hyun, M.; Anderson, T. |work=AWS Security Blog |date=29 July 2020 |accessdate=28 July 2023}}</ref>


However, the concept of tenant isolation is [https://aws.amazon.com/partners/programs/saas-factory/tenant-isolation/ addressed by AWS] in multiple ways, from whitepapers to training courses and videos. The [https://d1.awsstatic.com/whitepapers/saas-tenant-isolation-strategies.pdf primary whitepaper] addresses the concepts and architecture behind AWS' tenant isolation practices, primarily as they relate to [[software as a service]] (SaaS). Further technical details on how your data is segregated, if required, may be garnered in discussion with AWS.
However, the concept of tenant isolation is [https://aws.amazon.com/blogs/security/security-practices-in-aws-multi-tenant-saas-environments/ addressed by AWS] in multiple ways, from whitepapers to training courses and videos. The [https://d1.awsstatic.com/whitepapers/saas-tenant-isolation-strategies.pdf primary whitepaper] addresses the concepts and architecture behind AWS' tenant isolation practices, primarily as they relate to [[software as a service]] (SaaS). Further technical details on how your data is segregated, if required, may be garnered in discussion with AWS.




9. '''Do you have documented data security policies?'''
9. '''Do you have documented data security policies?'''


AWA documents its security practices in several places:
AWS documents its security practices in several places:


* [https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/introduction-aws-security.pdf Introduction to AWS Security whitepaper]
* [https://docs.aws.amazon.com/pdfs/whitepapers/latest/introduction-aws-security/introduction-aws-security.pdf Introduction to AWS Security whitepaper]
* [https://aws.amazon.com/security/ AWS security page]
* [https://aws.amazon.com/security/ AWS security page]
* [https://aws.amazon.com/compliance/ AWS trust center]
* [https://aws.amazon.com/compliance/ AWS trust center]
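Review bot: In the tenant isolation paragraph, the "addressed by AWS" link now targets an AWS Security Blog post on multi-tenant SaaS security practices, but the sentence still says the topic is covered "in multiple ways, from whitepapers to training courses and videos", which described the previous SaaS Factory page. Reword the sentence to describe what the new target contains, or link a page that lists those resources. The "AWA" to "AWS" correction is good; in the unchanged paragraph above it, "AWS have moved past" should be "AWS has moved past" for consistency with the rest of the article.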
Line 98: Line 98:
10. '''How do you test your platform's security?'''
10. '''How do you test your platform's security?'''


According to Amazon, customers are allowed to perform penetration testing of [https://aws.amazon.com/security/penetration-testing/ eight of its services] without prior approval, though "[c]ustomers are not permitted to conduct any security assessments of AWS infrastructure, or the AWS services themselves."<ref name="AWSPenetrat">{{cite web |url=https://aws.amazon.com/security/penetration-testing/ |title=Penetration Testing |publisher=Amazon Web Services |accessdate=25 April 2021}}</ref> Other types of testing that are allowed, with restrictions, include network stress testing, DDoS simulation testing, and other simulated events.<ref name="AWSPenetrat" /> Amazon also appears to have a bug bounty program, managed by HackerOne.<ref name="HackerOneAmazon">{{cite web |url=https://hackerone.com/amazonvrp?type=team |title=Amazon Vulnerability Research Program |publisher=HackerOne |date=April 2020 |accessdate=25 April 2021}}</ref> As for AWS running attack-and-defense drills or breach and attach simulations on its own infrastructure, no public information could be found regarding this. You'll have to discuss this topic with an AWS representative.
According to Amazon, customers are allowed to perform penetration testing of [https://aws.amazon.com/security/penetration-testing/ eight of its services] without prior approval, though "[c]ustomers are not permitted to conduct any security assessments of AWS infrastructure, or the AWS services themselves."<ref name="AWSPenetrat">{{cite web |url=https://aws.amazon.com/security/penetration-testing/ |title=Penetration Testing |publisher=Amazon Web Services |accessdate=28 July 2023}}</ref> Other types of testing that are allowed, with restrictions, include network stress testing, DDoS simulation testing, and other simulated events.<ref name="AWSPenetrat" /> Amazon also appears to have a bug bounty program, managed by HackerOne.<ref name="HackerOneAmazon">{{cite web |url=https://hackerone.com/amazonvrp?type=team |title=Amazon Vulnerability Research Program |publisher=HackerOne |date=April 2020 |accessdate=28 July 2023}}</ref> As for AWS running attack-and-defense drills or breach and attach simulations on its own infrastructure, no public information could be found regarding this. You'll have to discuss this topic with an AWS representative.




11. '''What are your policies for security audits, intrusion detection, and intrusion reporting?'''
11. '''What are your policies for security audits, intrusion detection, and intrusion reporting?'''


''Audits'': Per AWS: "AWS regularly undergoes independent third-party attestation audits to provide assurance that control activities are operating as intended. More specifically, AWS is audited against a variety of global and regional security frameworks dependent on region and industry. AWS participates in over 50 different audit programs."<ref name="AWSRisk21">{{cite web |url=https://docs.aws.amazon.com/whitepapers/latest/aws-risk-and-compliance/aws-risk-and-compliance-program.html |title=AWS risk and compliance program |work=Amazon Web Services: Risk and Compliance |publisher=Amazon Web Services |date=11 March 2021 |accessdate=25 April 2021}}</ref> This is demonstrated by its compliance credentials (e.g., see its trust center). AWS also [https://docs.aws.amazon.com/general/latest/gr/aws-security-audit-guide.html provides guidance] for customers conducting security audits of their own configurations, etc.
''Audits'': Per AWS: "AWS regularly undergoes independent third-party attestation audits to provide assurance that control activities are operating as intended. More specifically, AWS is audited against a variety of global and regional security frameworks dependent on region and industry. AWS participates in over 50 different audit programs."<ref name="AWSRisk21">{{cite web |url=https://docs.aws.amazon.com/whitepapers/latest/aws-risk-and-compliance/aws-risk-and-compliance-program.html |title=AWS risk and compliance program |work=Amazon Web Services: Risk and Compliance |publisher=Amazon Web Services |accessdate=28 July 2023}}</ref> This is demonstrated by its compliance credentials (e.g., see its trust center). AWS also [https://docs.aws.amazon.com/general/latest/gr/aws-security-audit-guide.html provides guidance] for customers conducting security audits of their own configurations, etc.


''Intrusion detection and reporting'': AWS details its intrusion detection and prevention systems for its EC2 products in [https://d1.awsstatic.com/Marketplace/scenarios/security/SEC_01_TSB_Final.pdf a two-page brochure]. They state that these tools are capable of "alerting administrators of possible incidents, logging information, and reporting attempts," and are able to "actively prevent or block intrusions that are detected."<ref name="AWSIntrusion">{{cite web |url=https://d1.awsstatic.com/Marketplace/scenarios/security/SEC_01_TSB_Final.pdf |format=PDF |title=Intrusion Detection Systems and Intrusion Prevention Systems for EC2 Instances |publisher=Amazon Web Services |accessdate=25 April 2021}}</ref> AWS also has Amazon GuardDuty for Amazon S3 instances, able "to identify unusual activity within your accounts, analyze the security relevance of the activity, given the context in which it was invoked, and apply predictive probability to make a final verdict on whether that activity is sufficiently anomalous to warrant investigation."<ref name="MegiddoHowYou21">{{cite web |url=https://aws.amazon.com/blogs/security/how-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account/ |title=How you can use Amazon GuardDuty to detect suspicious activity within your AWS account |author=Megiddo, A. |work=AWS Security Blog |publisher=Amazon Web Services |date=12 March 2021 |accessdate=25 April 2021}}</ref> Confirm the intrusion detection and reporting services available to you for the services you plan to use.
''Intrusion detection and reporting'': AWS details its intrusion detection and prevention systems for its EC2 products in [https://d1.awsstatic.com/Marketplace/scenarios/security/SEC_01_TSB_Final.pdf a two-page brochure]. They state that these tools are capable of "alerting administrators of possible incidents, logging information, and reporting attempts," and are able to "actively prevent or block intrusions that are detected."<ref name="AWSIntrusion">{{cite web |url=https://d1.awsstatic.com/Marketplace/scenarios/security/SEC_01_TSB_Final.pdf |format=PDF |title=Intrusion Detection Systems and Intrusion Prevention Systems for EC2 Instances |publisher=Amazon Web Services |accessdate=28 July 2023}}</ref> AWS also has Amazon GuardDuty for Amazon S3 instances, able "to identify unusual activity within your accounts, analyze the security relevance of the activity, given the context in which it was invoked, and apply predictive probability to make a final verdict on whether that activity is sufficiently anomalous to warrant investigation."<ref name="MegiddoHowYou21">{{cite web |url=https://aws.amazon.com/blogs/security/how-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account/ |title=How you can use Amazon GuardDuty to detect suspicious activity within your AWS account |author=Megiddo, A. |work=AWS Security Blog |publisher=Amazon Web Services |date=12 March 2021 |accessdate=28 July 2023}}</ref> Confirm the intrusion detection and reporting services available to you for the services you plan to use.




12. '''What data logging information is kept and acted upon in relation to our data?'''
12. '''What data logging information is kept and acted upon in relation to our data?'''


AWS has several data logging tools for customers, including [https://aws.amazon.com/solutions/implementations/centralized-logging/ Centralized Logging], [https://aws.amazon.com/cloudwatch/ Amazon CloudWatch], and [https://aws.amazon.com/cloudtrail/ AWS CloudTrail]. AWS makes its [https://aws.amazon.com/privacy/ data privacy policy] relatively clear; however, AWS doesn't appear to make it publicly clear if they use these tools for their own data logging, let alone what they do with data logs related to your data. (They only state that they automatically collect "offering usage, occurrences of technical errors, diagnostic reports, your settings preferences, backup information, API calls, and other logs."<ref name="AWSPrivacy">{{cite web |url=https://aws.amazon.com/privacy/ |title=Privacy Notice |publisher=Amazon Web Services |accessdate=25 April 2021}}</ref>) Be sure an AWS representative is clear about what logging information they collect and use as it relates to your data.
AWS has several data logging tools for customers, including [https://aws.amazon.com/solutions/implementations/centralized-logging/ Centralized Logging], [https://aws.amazon.com/cloudwatch/ Amazon CloudWatch], and [https://aws.amazon.com/cloudtrail/ AWS CloudTrail]. AWS makes its [https://aws.amazon.com/privacy/ data privacy policy] relatively clear; however, AWS doesn't appear to make it publicly clear if they use these tools for their own data logging, let alone what they do with data logs related to your data. (They only state that they automatically collect "offering usage, occurrences of technical errors, diagnostic reports, your settings preferences, backup information, API calls, and other logs."<ref name="AWSPrivacy">{{cite web |url=https://aws.amazon.com/privacy/ |title=Privacy Notice |publisher=Amazon Web Services |date=30 June 2023 |accessdate=28 July 2023}}</ref>) Be sure an AWS representative is clear about what logging information they collect and use as it relates to your data.




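Review bot: In the revised answer to question 10, the closing sentence still reads "breach and attach simulations"; this should be "breach and attack simulations", and an edit that already touches this line to refresh access dates is a good place to fix it. In the revised AWSRisk21 citation for question 11, the date parameter (11 March 2021) is dropped while the ref name keeps its "21" suffix; either keep a date or confirm the source is now undated.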
Line 120: Line 120:
14. '''For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?'''
14. '''For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?'''


Yes, AWS will sign a business associate agreement.<ref name="AWSHIPAA">{{cite web |url=https://aws.amazon.com/compliance/hipaa-compliance/ |title=HIPAA |publisher=Amazon Web Services |accessdate=25 April 2021}}</ref> Consult their [https://aws.amazon.com/compliance/hipaa-compliance/ HIPAA compliance page] for more details on their approach to [[HIPAA]] compliance.
Yes, AWS will sign a business associate agreement.<ref name="AWSHIPAA">{{cite web |url=https://aws.amazon.com/compliance/hipaa-compliance/ |title=HIPAA |publisher=Amazon Web Services |accessdate=28 July 2023}}</ref> Consult their [https://aws.amazon.com/compliance/hipaa-compliance/ HIPAA compliance page] for more details on their approach to [[HIPAA]] compliance.




15. '''What happens to our data should the contract expire or be terminated?'''
15. '''What happens to our data should the contract expire or be terminated?'''


The AWS base agreement states<ref name="AWSAgreement">{{cite web |url=https://aws.amazon.com/agreement/ |title=AWS Customer Agreement |publisher=Amazon Web Services |accessdate=25 April 2021}}</ref>:
The AWS base agreement states<ref name="AWSAgreement">{{cite web |url=https://aws.amazon.com/agreement/ |title=AWS Customer Agreement |publisher=Amazon Web Services |accessdate=28 July 2023}}</ref>:


<blockquote>Unless we terminate your use of the Service Offerings pursuant to Section 7.2(b), during the 30 days following the Termination Date:
<blockquote>Unless we terminate your use of the Service Offerings pursuant to Section 7.2(b), during the 30 days following the Termination Date:
Line 138: Line 138:
16. '''What happens to our data should you go out of business or suffer a catastrophic event?'''
16. '''What happens to our data should you go out of business or suffer a catastrophic event?'''


It's not publicly clear how AWS would handle your data should they go out of business; consult with an AWS representative about this topic. As for catastrophic events, most documentation from AWS seems to address how you, the customer, should address disaster recovery, but little discusses AWS' own approach to catastrophic events. Like Alibaba, AWS uses three zones for redundancy: "Amazon S3 objects are stored across a minimum of three Availability Zones providing 99.999999999% durability of objects over a given year. Regardless of your cloud provider, there is the potential for failures to impact your workload. Therefore, you must take steps to implement resiliency if you need your workload to be reliability [''sic'']."<ref name="AWSFailure">{{cite web |url=https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/failure-management.html |title=Failure Management |work=Reliability Pillar |publisher=Amazon Web Services |date=July 2020 |accessdate=25 April 2021}}</ref> It's highly unlikely that all three zones would be affected in an catastrophic event. However, if this is a concern, discuss further data redundancy with an AWS representative.
It's not publicly clear how AWS would handle your data should they go out of business; consult with an AWS representative about this topic. As for catastrophic events, most documentation from AWS seems to address how you, the customer, should address disaster recovery, but little discusses AWS' own approach to catastrophic events. Like Alibaba, AWS uses three zones for redundancy: "All EBS volumes are designed for 99.999% availability. Amazon S3 objects are stored across a minimum of three Availability Zones providing 99.999999999% durability of objects over a given year. Regardless of your cloud provider, there is the potential for failures to impact your workload. Therefore, you must take steps to implement resiliency if you need your workload to be reliable."<ref name="AWSFailure">{{cite web |url=https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/failure-management.html |title=Failure Management |work=Reliability Pillar |publisher=Amazon Web Services |accessdate=28 July 2023}}</ref> It's highly unlikely that all three zones would be affected in an catastrophic event. However, if this is a concern, discuss further data redundancy with an AWS representative.




17. '''Can we use your interface to extract our data when we want, and in what format will it be?'''
17. '''Can we use your interface to extract our data when we want, and in what format will it be?'''


AWS doesn't make it publicly clear how data migration from AWS to another cloud service would work. However, they advertise their AWS DataSync service "for moving data between on-premises storage systems and AWS Storage services, as well as between AWS Storage services."<ref name="AWSDataSync">{{cite web |url=https://aws.amazon.com/datasync |title=AWS DataSync |publisher=Amazon Web Services |accessdate=25 April 2021}}</ref> They also offer a [https://aws.amazon.com/dms/ database migration service] from your systems to AWS. But AWS doesn't appear to address migrating data from their systems. Your data would presumably be in some AWS database format. One article author has even stated that transferring data out of AWS costs money<ref name="OlesAGuide19">{{cite web |url=https://severalnines.com/database-blog/guide-automated-cloud-database-deployments |title=A Guide to Automated Cloud Database Deployments |author=Oles, B. |work=SeveralNines |date=14 August 2019 |accessdate=25 April 2021}}</ref>, though it's not clear if this is true. It's unclear whether or not a third-party cloud transfer service (e.g., Cloudsfer) would be required or useful when moving from AWS to another cloud service. In the end, if there are still questions on this topic, discuss it with an AWS representative.
AWS doesn't make it publicly clear how data migration from AWS to another cloud service would work. However, they advertise their AWS DataSync service "for moving data between on-premises storage systems and AWS Storage services, as well as between AWS Storage services."<ref name="AWSDataSync" /> They also offer a [https://aws.amazon.com/dms/ database migration service] from your systems to AWS. But AWS doesn't appear to address migrating data from their systems. Your data would presumably be in some AWS database format. One article author has even stated that transferring data out of AWS costs money<ref name="OlesAGuide19">{{cite web |url=https://severalnines.com/blog/guide-automated-cloud-database-deployments/ |title=A Guide to Automated Cloud Database Deployments |author=Oles, B. |work=SeveralNines |date=14 August 2019 |accessdate=28 July 2023}}</ref>, though it's not clear if this is true. It's unclear whether or not a third-party cloud transfer service (e.g., Cloudsfer) would be required or useful when moving from AWS to another cloud service. In the end, if there are still questions on this topic, discuss it with an AWS representative.




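Review bot: The revised answer to question 16 now opens its quotation with "All EBS volumes are designed for 99.999% availability," but the lead-in still says "AWS uses three zones for redundancy," which only the S3 sentence supports; start the quote at the S3 sentence or reword the lead-in. The same line still has "in an catastrophic event", which should be "in a catastrophic event". In question 17 the DataSync citation becomes a name-only reference to "AWSDataSync", so confirm the full citation is defined earlier in the article.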
Line 151: Line 151:


==Managed security services==
==Managed security services==
AWS doesn't appear to explicitly advertise "managed security services." AWS does, however, offer a standard managed services portfolio through its AWS Managed Services offering.<ref name="AWSMana">{{cite web |url=https://aws.amazon.com/managed-services/ |title=AWS Managed Services |publisher=AWS |accessdate=27 May 2021}}</ref> Security and network management is offered as services of AWS Managed Services, but the breadth of that security management is dependent on which operations plan is selected: Accelerate or Advanced. At both levels, security monitoring is provided using AWS GuardDuty/Amazon Macie. However, it's security conformance, IAM and security review, access management, managed firewall, endpoint protection, and network configuration varies depending on the plan chosen. Consult the [https://aws.amazon.com/managed-services/features/ plan feature table] on AWS to learn more.<ref name="AWSManFeat">{{cite web |url=https://aws.amazon.com/managed-services/features/ |title=AWS Managed Services Features |publisher=AWS |accessdate=27 May 2021}}</ref>
AWS doesn't appear to explicitly advertise "managed security services" (though it references third-party MSSP parterners).<ref name="AWSMSSP">{{cite web |url=https://aws.amazon.com/mssp/ |title=AWS Managed Security Service Providers |publisher=AWS |accessdate=28 July 2023}}</ref> AWS does, however, offer a standard managed services portfolio through its AWS Managed Services offering.<ref name="AWSMana">{{cite web |url=https://aws.amazon.com/managed-services/ |title=AWS Managed Services |publisher=AWS |accessdate=28 July 2023}}</ref> Security and network management is offered as services of AWS Managed Services, but the breadth of that security management is dependent on which operations plan is selected: Accelerate or Advanced. At both levels, security monitoring is provided using AWS GuardDuty/Amazon Macie. However, it's security conformance, IAM and security review, access management, managed firewall, endpoint protection, and network configuration varies depending on the plan chosen. Consult the [https://aws.amazon.com/managed-services/features/ plan feature table] on AWS to learn more.<ref name="AWSManFeat">{{cite web |url=https://aws.amazon.com/managed-services/features/ |title=AWS Managed Services Features |publisher=AWS |accessdate=28 July 2023}}</ref>




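Review bot: The parenthetical added to the first sentence of the Managed security services section misspells "partners" as "parterners". Two older slips on the same line could be fixed in the same edit: "it's security conformance" should be "its security conformance", and the list that follows takes "vary" rather than "varies".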
Line 157: Line 157:


===Documentation and other media===
===Documentation and other media===
* [https://docs.aws.amazon.com/whitepapers/latest/architecting-hipaa-security-and-compliance-on-aws/architecting-hipaa-security-and-compliance-on-aws.pdf Architecting for HIPAA whitepaper]
* [https://docs.aws.amazon.com/pdfs/whitepapers/latest/architecting-hipaa-security-and-compliance-on-aws/architecting-hipaa-security-and-compliance-on-aws.pdf Architecting for HIPAA whitepaper]
* [https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-workloads-on-aws.pdf Disaster Recovery of Workloads whitepaper]
* [https://docs.aws.amazon.com/pdfs/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-workloads-on-aws.pdf Disaster Recovery of Workloads whitepaper]
* [https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/introduction-aws-security.pdf Introduction to AWS Security whitepaper]
* [https://docs.aws.amazon.com/pdfs/whitepapers/latest/introduction-aws-security/introduction-aws-security.pdf Introduction to AWS Security whitepaper]


===External links===
===External links===
* [https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/ Amazon Web Services architecture framework or description]
* [https://aws.amazon.com/blogs/apn/the-6-pillars-of-the-aws-well-architected-framework/ Amazon Web Services architecture framework or description]
* [https://aws.amazon.com/managed-services/ Amazon Web Services Managed Services]
* [https://aws.amazon.com/managed-services/ Amazon Web Services Managed Services]
* [https://aws.amazon.com/compliance/shared-responsibility-model/ Amazon Web Services shared responsibility model]
* [https://aws.amazon.com/compliance/shared-responsibility-model/ Amazon Web Services shared responsibility model]
Line 169: Line 169:
==References==
==References==
{{Reflist|colwidth=30em}}
{{Reflist|colwidth=30em}}
<!---Place all category tags here-->
[[Category:Cloud computing services]]
[[Category:Managed security services]]

Latest revision as of 17:53, 12 April 2024

Amazon Web Services
Industry Cloud computing, Web services
Founder(s) Jeff Bezos
Headquarters Seattle, Washington, United States
Area served Worldwide
Key people Adam Selipsky (CEO)
Products IaaS, PaaS, DBaaS, DaaS
Revenue $21.35 billion (2023 Q1)[1]
Parent Amazon
Website aws.amazon.com


Amazon Web Services (also known as AWS) is an American cloud computing company that provides public, private, hybrid, and multicloud solutions to enterprises, organizations, governments, and individuals. AWS has more than 120 data centers distributed in various locations around the world, with Africa and South America the least represented.[2][3] The company provides more than 200 different products and services representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, cloud communication, data analysis, media management, container and middleware management, developer support, scientific computing, internet of things, and virtual and augmented reality.[2][4]

Provider research

This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.


1. What experience do you have working with laboratory customers in our specific industry?

Examples of labs that have worked with AWS include Glidewell Laboratories[5], Merck Research Laboratories[6], National Renewable Energy Laboratory[7], and the Innovation Lab.[8] Additionally, an AWS article titled "Building the foundation for Lab of the Future using AWS" published in 2019 provides some insight into what a laboratory integrated with AWS cloud offerings might look like.[9] It's also worth noting that numerous laboratory information management system (LIMS) and laboratory information system (LIS) developers have offered their solution on AWS over the years, including STARLIMS Corporation[10], Core Informatics, LLC[11], LabLynx, Inc.[12], Orchard Software Corporation[13], PD Evidence, LLC[14], and Thermo Scientific.[15] An AWS representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used AWS.


2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?

It will ultimately be up to your organization to get an answer tailored to your systems and business processes. However, this much can be said about AWS integrations. AWS offers a variety of Application Integration services, described as "a suite of services that enable communication between decoupled components within microservices, distributed systems, and serverless applications."[16] This includes management for application programming interfaces, event-driven architectures, messaging, data flows, and serverless workflows.[16] Additionally, AWS applies a variety of techniques to integrate with existing on-premises systems, including AWS Outposts[17], as well as the combination of AWS DataSync with File Gateway.[18] Another document worth examining is AWS' eBook on building a hybrid cloud strategy.


3. What is the average total historical downtime for the service(s) we're interested in?

You'll largely have to ask this of AWS and see what response they give you. That said, third parties like StatusGator have been monitoring AWS downtime for years and are one possible option for assessing the types of historical downtime AWS has seen. AWS outages have garnered headlines pretty much every year since at least 2011.[19][20][21] One must keep in mind, however, that these reported outages affect only certain regions or services, not the entirety of AWS. This is why it's important to get numbers from an AWS representative about what sort of outage you should realistically expect for your specific services, keeping in mind how AWS measures uptime percentages in its service agreements.[22]


4. Do we receive comprehensive downtime support in the case of downtime?

AWS does not make this answer clear. However, the answer is likely tied to what after-sales support plan you choose. Confirm with AWS what downtime support they provide based on the services your organization is interested in.


5. Where are your servers located, and how is data securely transferred to and from those servers?

AWS has 80 Availability Zones, each with one or more discrete data centers, with 15 more Availability Zones planned (as of April 2021).[2] These zones are distributed in various locations around the world, with Africa and South America the least represented. AWS uses its content delivery network Amazon CloudFront, which can "securely deliver content with low latency and high transfer speeds." Security capabilities for CloudFront include field-level encryption, HTTPS, and multiple other layers of Amazon protection.[23] When moving data to and from on-premises and AWS systems, AWS provides AWS DataSync, which ensures "end-to-end security, including data encryption and data integrity validation" to "simplify and accelerate secure data migrations."[24] Data in motion is encrypted using a trimmed-down version of Transport Layer Security (TLS) called s2n, designed "to provide you with network encryption that is easier to understand and that is fully auditable."[25] Other protections are in place as well, as seen in the security portion of AWS' Well-Architected Framework. As for data localization and residency requirements, an AWS eBook addresses some elements of this topic, largely in the scope of Amazon Outposts; discuss the topic further with an AWS representative.


6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?

AWS discusses personnel and third-party access management in regards to physical data security on its data center controls page. However, it does not reference the specific certifications and training required for those who have permission to access your data. You will have to inquire with AWS about these considerations when asking this question.


7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?

Not all AWS machines have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.


8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)

Like Alibaba, AWS has moved past a paradigm of physical separation of data pools. In 2020, writing for AWS, Hyun and Anderson updated their whitepaper on logical separation on AWS, addressing how "identity management, network security, serverless and containers services, host and instance features, logging, and encryption" can fill the same shoes as physical separation, while also providing a U.S. Department of Defense use case that highlights logical separation as meeting physical separation intent.[26]

However, the concept of tenant isolation is addressed by AWS in multiple ways, from whitepapers to training courses and videos. The primary whitepaper addresses the concepts and architecture behind AWS' tenant isolation practices, primarily as they relate to software as a service (SaaS). Further technical details on how your data is segregated, if required, may be garnered in discussion with AWS.


9. Do you have documented data security policies?

AWS documents its security practices in several places:

Some security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with an AWS representative to obtain them.


10. How do you test your platform's security?

According to Amazon, customers are allowed to perform penetration testing of eight of its services without prior approval, though "[c]ustomers are not permitted to conduct any security assessments of AWS infrastructure, or the AWS services themselves."[27] Other types of testing that are allowed, with restrictions, include network stress testing, DDoS simulation testing, and other simulated events.[27] Amazon also appears to have a bug bounty program, managed by HackerOne.[28] As for AWS running attack-and-defense drills or breach and attack simulations on its own infrastructure, no public information could be found regarding this. You'll have to discuss this topic with an AWS representative.


11. What are your policies for security audits, intrusion detection, and intrusion reporting?

Audits: Per AWS: "AWS regularly undergoes independent third-party attestation audits to provide assurance that control activities are operating as intended. More specifically, AWS is audited against a variety of global and regional security frameworks dependent on region and industry. AWS participates in over 50 different audit programs."[29] This is demonstrated by its compliance credentials (e.g., see its trust center). AWS also provides guidance for customers conducting security audits of their own configurations, etc.

Intrusion detection and reporting: AWS details its intrusion detection and prevention systems for its EC2 products in a two-page brochure. They state that these tools are capable of "alerting administrators of possible incidents, logging information, and reporting attempts," and are able to "actively prevent or block intrusions that are detected."[30] AWS also has Amazon GuardDuty for Amazon S3 instances, able "to identify unusual activity within your accounts, analyze the security relevance of the activity, given the context in which it was invoked, and apply predictive probability to make a final verdict on whether that activity is sufficiently anomalous to warrant investigation."[31] Confirm the intrusion detection and reporting services available to you for the services you plan to use.


12. What data logging information is kept and acted upon in relation to our data?

AWS has several data logging tools for customers, including Centralized Logging, Amazon CloudWatch, and AWS CloudTrail. AWS makes its data privacy policy relatively clear; however, AWS doesn't appear to make it publicly clear if they use these tools for their own data logging, let alone what they do with data logs related to your data. (They only state that they automatically collect "offering usage, occurrences of technical errors, diagnostic reports, your settings preferences, backup information, API calls, and other logs."[32]) Be sure an AWS representative is clear about what logging information they collect and use as it relates to your data.


13. How thorough are those logs and can we audit them on-demand?

Most AWS documentation references managing and viewing logs related to your own activities. However, unlike Alibaba, it's unclear if you are able to audit internal AWS logs on-demand. This is a conversation to have with an AWS representative.


14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?

Yes, AWS will sign a business associate agreement.[33] Consult their HIPAA compliance page for more details on their approach to HIPAA compliance.


15. What happens to our data should the contract expire or be terminated?

The AWS base agreement states[34]:

Unless we terminate your use of the Service Offerings pursuant to Section 7.2(b), during the 30 days following the Termination Date:

(i) we will not take action to remove from the AWS systems any of Your Content as a result of the termination; and

(ii) we will allow you to retrieve Your Content from the Services only if you have paid all amounts due under this Agreement.

However, clarify this policy in full with an AWS representative.


16. What happens to our data should you go out of business or suffer a catastrophic event?

It's not publicly clear how AWS would handle your data should they go out of business; consult with an AWS representative about this topic. As for catastrophic events, most documentation from AWS seems to address how you, the customer, should address disaster recovery, but little discusses AWS' own approach to catastrophic events. Like Alibaba, AWS uses three zones for redundancy: "All EBS volumes are designed for 99.999% availability. Amazon S3 objects are stored across a minimum of three Availability Zones providing 99.999999999% durability of objects over a given year. Regardless of your cloud provider, there is the potential for failures to impact your workload. Therefore, you must take steps to implement resiliency if you need your workload to be reliable."[35] It's highly unlikely that all three zones would be affected in a catastrophic event. However, if this is a concern, discuss further data redundancy with an AWS representative.


17. Can we use your interface to extract our data when we want, and in what format will it be?

AWS doesn't make it publicly clear how data migration from AWS to another cloud service would work. However, they advertise their AWS DataSync service "for moving data between on-premises storage systems and AWS Storage services, as well as between AWS Storage services."[24] They also offer a database migration service from your systems to AWS. But AWS doesn't appear to address migrating data from their systems. Your data would presumably be in some AWS database format. One article author has even stated that transferring data out of AWS costs money[36], though it's not clear if this is true. It's unclear whether or not a third-party cloud transfer service (e.g., Cloudsfer) would be required or useful when moving from AWS to another cloud service. In the end, if there are still questions on this topic, discuss it with an AWS representative.


18. Are your support services native or outsourced/offshored?

It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with an AWS representative.

Managed security services

AWS doesn't appear to explicitly advertise "managed security services" (though it references third-party MSSP partners).[37] AWS does, however, offer a standard managed services portfolio through its AWS Managed Services offering.[38] Security and network management are offered as services of AWS Managed Services, but the breadth of that security management depends on which operations plan is selected: Accelerate or Advanced. At both levels, security monitoring is provided using AWS GuardDuty/Amazon Macie. However, its security conformance, IAM and security review, access management, managed firewall, endpoint protection, and network configuration vary depending on the plan chosen. Consult the plan feature table on AWS to learn more.[39]


References

  1. Novet, J. (27 April 2023). "Amazon’s 16% cloud revenue growth impresses even as margin narrows". CNBC. https://www.cnbc.com/2023/04/27/aws-q1-earnings-report-2023.html. Retrieved 28 July 2023. 
  2. "Global Infrastructure". Amazon Web Services. https://aws.amazon.com/about-aws/global-infrastructure/. Retrieved 28 July 2023.
  3. Zhang, M. (15 June 2022). "Amazon Web Services (AWS) Data Center Locations: Regions and Availability Zones". Dgtl Infra. https://dgtlinfra.com/amazon-web-services-aws-data-center-locations/. Retrieved 28 July 2023. 
  4. "AWS Solutions Library". Amazon Web Services. https://aws.amazon.com/solutions/. Retrieved 28 July 2023. 
  5. "Glidewell Laboratories Gains Deeper Data Insights Faster with Amazon Redshift and Attunity" (PDF). Amazon Web Services. 2017. Archived from the original on 24 September 2021. https://web.archive.org/web/20210924151843/https://www.qlik.com/us/-/media/files/resource-library/global-us/direct/case-studies/cs-glidewell-laboratories-qlik-and-amazon-case-study-en.pdf. Retrieved 28 July 2023. 
  6. "AWS Data Exchange". Amazon Web Services. Archived from the original on 28 July 2023. https://web.archive.org/web/20210425134409/https://aws.amazon.com/data-exchange/. Retrieved 28 July 2023. 
  7. "National Renewable Energy Laboratory’s OpenEI.org Case Study". Amazon Web Services. 2014. https://aws.amazon.com/solutions/case-studies/openei/. Retrieved 28 July 2023. 
  8. Ozdemir, D. (29 December 2020). "Pfizer, Amazon, and AstraZeneca Team Up To Build Laboratory in Israel". Interesting Engineering. https://interestingengineering.com/pfizer-amazon-and-astrazeneca-team-up-to-build-laboratory-in-israel. Retrieved 28 July 2023. 
  9. Coker, S.; Atnoor, D.; Buckner, P. (11 September 2019). "Building the foundation for Lab of the Future using AWS". AWS for Industries. Amazon Web Services. https://aws.amazon.com/blogs/industries/building-the-foundation-for-lab-of-the-future-using-aws/. Retrieved 28 July 2023. 
  10. "Cloud Services". STARLIMS Corporation. https://www.starlims.com/offerings/cloud-services/. Retrieved 28 July 2023. 
  11. "Core Informatics Case Study". Amazon Web Services. 2017. Archived from the original on 07 May 2017. https://web.archive.org/web/20170507183040/https://aws.amazon.com/solutions/case-studies/core-informatics/. Retrieved 28 July 2023. 
  12. Casper, C. "Securing Your LIMS in the Cloud". LabLynx, Inc. https://www.lablynx.com/news-events/securing-your-lims-in-the-cloud/. Retrieved 28 July 2023.
  13. "Orchard Announces Amazon Web Service–based Cloud Services Solution for Its Orchard Harvest Customers". Orchard Software Corporation. 5 October 2020. https://www.orchardsoft.com/press_release/orchard-announces-amazon-web-servicebased-cloud-services-solution-for-its-orchard-harvest-customers/. Retrieved 28 July 2023. 
  14. "PDEvidence Helps Solve Crimes Faster Using Automated AWS-Based System". Amazon Web Services. 2018. https://aws.amazon.com/solutions/case-studies/pdevidence/. Retrieved 28 July 2023. 
  15. Hall, H. (4 August 2020). "New deployment model optimizes LIMS implementation in the Amazon Web Services Cloud". R&D World. https://www.rdworldonline.com/new-deployment-model-optimizes-lims-implementation-in-the-amazon-web-services-cloud/. Retrieved 28 July 2023. 
  16. "Application Integration on AWS". Amazon Web Services. https://aws.amazon.com/products/application-integration/. Retrieved 28 July 2023.
  17. "AWS Outposts". Amazon Web Services. https://aws.amazon.com/outposts/. Retrieved 28 July 2023. 
  18. Rajamani, S.; Bartley, J. (27 November 2020). "From on premises to AWS: Hybrid-cloud architecture for network file shares". AWS Storage Blog. Amazon Web Services. https://aws.amazon.com/blogs/storage/from-on-premises-to-aws-hybrid-cloud-architecture-for-network-file-shares/. Retrieved 28 July 2023. 
  19. RIQ News Desk. "Top 7 AWS Outages That Wreaked Havoc". ReadITQuik. https://www.readitquik.com/articles/cloud-3/top-7-aws-outages-that-wreaked-havoc/. Retrieved 28 July 2023. 
  20. Swearingen, J. (2 March 2018). "When Amazon Web Services Goes Down, So Does a Lot of the Web". Intelligencer. https://nymag.com/intelligencer/2018/03/when-amazon-web-services-goes-down-so-does-a-lot-of-the-web.html. Retrieved 28 July 2023. 
  21. Malone, K. (30 November 2020). "Businesses can avoid cloud provider downtime with redundancy — but at what cost?". CIODive. https://www.ciodive.com/news/aws-outage-cloud-recovery-interoperability/589844/. Retrieved 28 July 2023. 
  22. "Amazon Compute Service Level Agreement". Amazon Web Services. 25 May 2022. https://aws.amazon.com/compute/sla/. Retrieved 28 July 2023. 
  23. "Amazon Cloudfront". Amazon Web Services. https://aws.amazon.com/cloudfront/. Retrieved 28 July 2023. 
  24. "AWS DataSync". Amazon Web Services. https://aws.amazon.com/datasync/. Retrieved 28 July 2023.
  25. Beer, K. (11 June 2020). "The importance of encryption and how AWS can help". AWS Security Blog. https://aws.amazon.com/blogs/security/importance-of-encryption-and-how-aws-can-help/. Retrieved 28 July 2023. 
  26. Hyun, M.; Anderson, T. (29 July 2020). "Logical separation: Moving beyond physical isolation in the cloud computing era". AWS Security Blog. https://aws.amazon.com/blogs/security/logical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era/. Retrieved 28 July 2023. 
  27. "Penetration Testing". Amazon Web Services. https://aws.amazon.com/security/penetration-testing/. Retrieved 28 July 2023.
  28. "Amazon Vulnerability Research Program". HackerOne. April 2020. https://hackerone.com/amazonvrp?type=team. Retrieved 28 July 2023. 
  29. "AWS risk and compliance program". Amazon Web Services: Risk and Compliance. Amazon Web Services. https://docs.aws.amazon.com/whitepapers/latest/aws-risk-and-compliance/aws-risk-and-compliance-program.html. Retrieved 28 July 2023. 
  30. "Intrusion Detection Systems and Intrusion Prevention Systems for EC2 Instances" (PDF). Amazon Web Services. https://d1.awsstatic.com/Marketplace/scenarios/security/SEC_01_TSB_Final.pdf. Retrieved 28 July 2023. 
  31. Megiddo, A. (12 March 2021). "How you can use Amazon GuardDuty to detect suspicious activity within your AWS account". AWS Security Blog. Amazon Web Services. https://aws.amazon.com/blogs/security/how-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account/. Retrieved 28 July 2023. 
  32. "Privacy Notice". Amazon Web Services. 30 June 2023. https://aws.amazon.com/privacy/. Retrieved 28 July 2023. 
  33. "HIPAA". Amazon Web Services. https://aws.amazon.com/compliance/hipaa-compliance/. Retrieved 28 July 2023. 
  34. "AWS Customer Agreement". Amazon Web Services. https://aws.amazon.com/agreement/. Retrieved 28 July 2023. 
  35. "Failure Management". Reliability Pillar. Amazon Web Services. https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/failure-management.html. Retrieved 28 July 2023. 
  36. Oles, B. (14 August 2019). "A Guide to Automated Cloud Database Deployments". SeveralNines. https://severalnines.com/blog/guide-automated-cloud-database-deployments/. Retrieved 28 July 2023. 
  37. "AWS Managed Security Service Providers". AWS. https://aws.amazon.com/mssp/. Retrieved 28 July 2023. 
  38. "AWS Managed Services". AWS. https://aws.amazon.com/managed-services/. Retrieved 28 July 2023. 
  39. "AWS Managed Services Features". AWS. https://aws.amazon.com/managed-services/features/. Retrieved 28 July 2023.