AWS is finally expanding into the Great White North. Given how close Amazon’s Seattle headquarters is to Canada, the giant’s absence from one of the most important technology markets has been a tad peculiar. But it seems AWS is putting its full resources behind the expansion and is even hiring French Canadian team members. As the biggest cloud computing provider enters the Maple Leaf market, here are five things that Canadian companies should know about AWS.
1. Security of the Cloud vs. Security in the Cloud
The most important thing any cloud computing company should know is where Amazon draws the line between AWS and customers regarding cloud security. They call this the distinction between security in the cloud and security of the cloud, and it’s what we at N2WS like to call “The Blue is You.”
Security of the cloud—or, what Amazon is responsible for—covers securing the computing, storage, database, and network. Amazon also commits to secure your cloud within your selected region and within edge locations. Security in the cloud—what you’re in charge of—basically includes everything else: customer data, applications, operating system, firewall, and much more. It is extremely important to understand that although AWS is providing invaluable durable infrastructure, additional backup and disaster recovery is absolutely necessary in order to fully protect your environment and mitigate any risk of downtime.
2. How to Comply with PIPEDA and Control Your Data
Why is this so important to know, especially for Canadian companies? Well, PIPEDA is the main reason. PIPEDA, or the Personal Information Protection and Electronic Documents Act, is a Canadian federal law that sets ground rules for the collection, usage, and disclosure of personal information in all Canadian provinces. Some provinces, namely Alberta, British Columbia and Québec, have supplemented PIPEDA with laws of their own.
These laws also deal with how companies in Canada are allowed to transfer data between provinces and internationally. While the obligation of compliance falls on the customer (user data falls under “security in the cloud”, not of the cloud), Amazon allows you to ensure all your data remain in their regional cluster, thus preserving data sovereignty, which should help with PIPEDA compliance.
3. What Workloads Work with AWS
Short answer: Almost all of them. AWS supports more than 95 percent of all workloads; this includes both x64 and x86 Windows, and Linux systems. However, if you’re running Itanium, Solaris, Mainframe, or AS400, you might have to make some adjustments before migrating.
The AWS cloud also allows you to migrate existing systems using most VMs. Don’t forget to plan ahead. For example, when selecting your instance types, don’t forget to set your type of virtualization. Browse the AWS marketplace to select the third-party solution that best suits your needs if you don’t already have one.
4. How U.S. Laws Affect Your Data, Encryption & DR
The most disquieting thing for many companies when working with a US-based cloud host is the Patriot Act. This law basically gives the US government almost unchecked powers in accessing customer data. Well, have no fear. Amazon has a strong track record of protecting customer data. Amazon never discloses information unless it is legally compelled to do so, and it frequently fights subpoenas and requests to block encryption of customer data.
Given that AWS allows you to keep your own encryption key, company best practices should always include data encryption. There are various ways to implement encryption, and companies need not be reluctant to do this for fear of any performance or functionality issues. To encrypt your EBS volumes, you can use either Amazon’s easy-to-use encryption service or a third-party tool if you want full control over encryption keys. When securing access to your Amazon RDS databases using encryption, encryption at rest is handled by AWS Key Management Service (KMS).
Canadian companies do need to keep in mind that if they are utilizing another AWS region for disaster recovery purposes, data will be hosted in that region and therefore take on the privacy laws of that region. Amazon’s EC2 regions, each divided into Availability Zones (AZs), are independent and dispersed around the globe and, along with AWS’ powerful and scalable snapshot features, give organizations different disaster recovery options. Snapshot mechanisms make AWS an ideal environment to support backup and disaster recovery, and Canadian companies can easily choose another region in which to recover their replicated EBS snapshots in the event of a “disaster”. A disaster is unlikely to occur across an entire region, but it is feasible due to weather, a malicious attack, or simply an error or malfunction.
Canadian companies can choose to copy within Canada’s Central region, one of the four US regions, or any other worldwide region that suits their privacy requirements. Planning your DR process can be significantly simplified by automating cross-region DR via Cloud Protection Manager. EBS snapshots are incremental by nature, meaning that additional costs do apply when data is replicated, but because only the blocks on the volume that changed since the last snapshot copy are transferred, storage and network transfer costs are optimized to the fullest.
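The two customer-side checks this section implies, that every snapshot is encrypted and that DR copies of personal data stay in regions whose privacy regime you have accepted, can be run over a snapshot inventory. The following is an added example, not code from N2WS or AWS; the approved-region policy, the `data-class` tag key and all snapshot records are assumptions constructed for illustration.

```python
# Added example: residency and encryption audit over EBS snapshot inventory.
# Assumption: policy that personal data may only rest in Canada (Central).
APPROVED_REGIONS = frozenset({"ca-central-1"})
CLASS_TAG = "data-class"  # hypothetical tag key, not an AWS convention

# Constructed sample, shaped like EC2 DescribeSnapshots responses keyed by the
# region queried. Live data would come from, per region:
#   boto3.client("ec2", region_name=r).describe_snapshots(OwnerIds=["self"])
SAMPLE_INVENTORY = {
    "ca-central-1": {"Snapshots": [
        {"SnapshotId": "snap-0aaa0000000000001", "Encrypted": True,
         "Tags": [{"Key": CLASS_TAG, "Value": "personal"}]},
        {"SnapshotId": "snap-0aaa0000000000002", "Encrypted": False,
         "Tags": [{"Key": CLASS_TAG, "Value": "personal"}]},
    ]},
    "us-west-2": {"Snapshots": [  # DR copies
        {"SnapshotId": "snap-0bbb0000000000001", "Encrypted": True,
         "Tags": [{"Key": CLASS_TAG, "Value": "personal"}]},
        {"SnapshotId": "snap-0bbb0000000000002", "Encrypted": True,
         "Tags": [{"Key": CLASS_TAG, "Value": "public"}]},
        {"SnapshotId": "snap-0bbb0000000000003", "Encrypted": False},  # untagged
    ]},
}


def audit_snapshots(inventory, approved_regions=APPROVED_REGIONS):
    """Return (snapshot_id, region, issue) tuples, ordered by region."""
    findings = []
    for region in sorted(inventory):
        for snap in inventory[region].get("Snapshots", []):
            tags = {t["Key"]: t["Value"] for t in snap.get("Tags", [])}
            # Fail closed: a snapshot with no classification tag is treated as
            # personal data, because a copy may not carry its source's tags.
            data_class = tags.get(CLASS_TAG, "personal")
            if not snap.get("Encrypted", False):
                findings.append((snap["SnapshotId"], region, "unencrypted"))
            if data_class == "personal" and region not in approved_regions:
                findings.append((snap["SnapshotId"], region, "outside-approved-region"))
    return findings


if __name__ == "__main__":
    for snapshot_id, region, issue in audit_snapshots(SAMPLE_INVENTORY):
        print(f"{region}\t{snapshot_id}\t{issue}")
```

Widening `approved_regions` to include the DR region records the decision to accept that region's privacy laws; the unencrypted findings remain either way.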
5. East/West Coast is a Little More Complex Than East/West
Depending on the location of your users and what applications you’re running, you should expect some latency when data is transmitted from the East Coast to the West Coast. Vancouver to Montreal is usually around 70ms, Montreal to Calgary takes about 60 to 70ms, and Halifax to Montreal is around 25ms. The best way to combat this is to process the data on AWS and just send back results.
AWS is the cloud computing world leader for good reasons: It has strong technology, broad compatibility, and amazing abilities. Its commitment to its customers sometimes comes at the expense of annoying the U.S. government. Whenever Amazon expands to a new region, it creates a new server cluster there to make sure you have full access and receive the best service.
When migrating your data, just be sure to plan to encrypt your data, comply with local laws and understand your responsibility by securing your data in the cloud. Then, let AWS do the rest, sit back, and enjoy this new player in the Great White North.
How Cloud Protection Manager Helps:
Cloud Protection Manager makes it very easy to automate backups of your Amazon EC2 instances, EBS volumes, RDS databases and Redshift and Aurora clusters. CPM is a native cloud backup, recovery and disaster recovery solution built from the ground up for AWS, directly connecting to users’ AWS infrastructure to perform automated backups. To learn more about CPM’s instant recovery, application consistent backup, easy scheduling and reporting and much more, try our 30-day free trial. (There is absolutely no credit card needed, and you can start backing up within minutes!)