Like other IT professionals, Boden applauds the promise of
We engage [AWS] just like any other enterprise customer.
Jen Boden, director of IT for Amazon.com,
The only difference is that Boden works for the world's largest cloud provider, Amazon.com. She's the director of IT services for the retail giant, although she has nothing to do with the main website operations (which went down last Wednesday, costing Amazon millions in revenue) or Amazon Web Services (AWS), which delivers cloud computing and other online services.
"My customers are internal Amazon employees," Boden said, speaking at an Amazon event in New York City. The company is a fairly standard example of a large enterprise when it comes to IT -- a mixed Windows/Linux shop with a widespread use of Microsoft desktop products, she said.
Amazon uses Oracle E-Business Suite Financials software for reporting and business process needs. It also uses Appian for business process management and BMC for systems management. The effort to turn her company's IT from internal resources to AWS was a multi-year effort, and part of the push was to see the reported benefits of cloud, like lower operating and investment costs, better flexibility and reliability, and partly to "drink our own champagne," as she put it.
She prefers the champagne analogy to the more common "eating your own dog food" mantra, used by Microsoft and other companies to illustrate that they are using their own products. Boden stressed that the move was mostly a business decision, not a publicity mandate.
"No one is making us do this," she said. This is not a case of Amazon CEO Jeff Bezos coming down and ordering IT into the cloud, she joked, adding that she has too much responsibility to make a decision on her IT infrastructure based on political or marketing considerations. Still, Boden said she desperately wanted to move with the times.
"We have engineers on the back-end who deal with hardware tickets when capacity gets near [to full]. I don't want them dealing with that, ever," she said. Amazon engineers can be more productive if front-line response issues were removed, but the move took a great deal of planning, she noted.
Kicking off the IT-to-cloud move at Amazon
It all started with server consolidation and virtualisation, something Boden said she had already been doing and was already mostly completed. She said most enterprises looking at cloud should see virtualisation within their own infrastructure as the first priority; once that is done, there is more flexibility in where and how applications could be deployed and served.
Boden said her organisation is in the preliminary stages of moving into AWS -- she started with some simple, homegrown applications, such as a list maintained for HR, which her team moved to AWS successfully. Larger sections of IT operations will move later with the financials likely to be last, since they are the most sensitive to security and compliance needs. Planning began last year, and the whole process might take another year and a half.
Boden said she had to go to AWS like any other customer to sign up and use the cloud, without special treatment. That put her in the familiar position of evaluating a third-party vendor.
"It's really no different than any risk assessment that you'd do on any high-profile application review," she said. "We engage them just like any other enterprise customer."
The million-dollar cloud security question
One primary concern was security. Boden said she was only able to give really serious consideration to moving critical parts of the organisation into AWS after the launch of Amazon's Virtual Private Cloud (VPC) service last fall. VPC allows users to deploy instances in Amazon's Elastic Compute Cloud (EC2) that are cut off from the public Internet. Amazon has advertised VPC, and a recently completed SAS 70 Type II security audit, as touchstones for enterprises.
The IT staff had to adjust their attitude slightly to get a real handle on cloud security, she said. Since moving to a cloud provider means giving up a good deal of direct control over infrastructure, Boden noted, security has to be understood at the application level, not just the operations level.
"We had to change our focus from asking 'How is AWS safe?' to 'How are our applications going to be secure in the cloud?'" she said.