There is a fantastic opportunity right now to bring a new wave of applications and data – such as the IoT and big data analytics – onto the cloud. But achieving this calls for combining cloud services, with their speed and economies of scale, with the local market presence and trusted infrastructure of service providers such as telecom operators.
This is the opportunity we set out to address in the alliance between Amazon Web Services (AWS) and Ericsson that was announced today.
Innovation in cloud services
The pace of innovation in cloud services is extraordinary, and AWS is a clear leader, offering over 50 services, including compute, storage, and data analysis, together with an ecosystem of users, documentation and tooling. At the same time, service providers are innovating new network and device services, and they possess unique capabilities in managing device connectivity and identity in the mobile network space.
And specifically for enterprise customers, service providers offer high-quality network services and infrastructure according to local regulatory environments. Using and building on the AWS services baseline can help service providers build on these strengths and leapfrog into offering competitive cloud services to their enterprise customers, adding value based on unique assets.
Solution architectures for enterprise
We are developing a set of solution architectures that will help service providers create competitive enterprise offerings based on AWS services, initially in the areas of secure networking, manageability of keys, and independent data integrity and placement. These solutions are intended to bring down barriers to cloud service adoption for enterprise applications and datasets that are regarded as high risk or are subject to strict local regulatory requirements.
They have been developed in a truly agile, customer-driven way, with feedback and learning influencing detailed features and functions.
Network isolation of devices
Today, everything is a connected device – from employee tablets to industrial equipment. Enterprises need to address security threats of many kinds, including misconfiguration and insider attacks. Service providers can act as a network policy enforcement point so that devices can reach only the cloud service end-points they are supposed to.
In this solution we blueprint how a service provider can ensure network isolation all the way from a mobile device to an AWS Virtual Private Cloud (VPC). The assignment of IP addresses to mobile devices is coordinated with the AWS VPC networks, and devices and cloud end-points are not visible from the Internet. In addition, data traffic management, quality and accounting can be controlled in a flexible way.
Service-provider-hosted key management
Already today AWS provides different levels of data security to accommodate varying risk levels of enterprise data and applications. In addition, enterprises have created their own solutions to increase manageability of keys. There is an opportunity for service providers to offer these types of add-ons as a service so enterprises can avoid the need for internal implementations. An example is the life-cycle management of master keys stored in the AWS CloudHSM service.
Policy-based data integrity and placement
AWS storage services are used for a wide range of enterprise applications and datasets. Service providers can help their enterprise customers to enforce and comply with local requirements and policies on, for example, geography and access levels. This solution enables scalable, independently verifiable data signing, as well as policy enforcement for managing where data is stored. AWS storage services are relied upon to leverage the ecosystem, functionality, and economies of scale.
Combining cloud services and trusted infrastructure
We aim to validate and evolve these and other solutions in a Cloud Innovation Center model, in which Ericsson and AWS will work closely with both service providers and their enterprise customers. We will discover together how a combination of leading cloud services and leading trusted infrastructure can unlock more applications and datasets to make use of the cloud service model.