Everybody knows what “the cloud” is, right? It’s, like, internet storage or something? Sure. Yeah.
I wanted to go a little deeper. I wanted to know exactly what it is, where it is, who owns it, who runs it, and how it works. So I did a little travel, conducted some interviews—and last Sunday, “CBS Sunday Morning” aired my story. You can watch it here.
The “who runs it” part has a particularly interesting answer. In large part, the answer to that is, “Amazon” (AMZN), which reports earnings on Thursday.
Over the last decade, Amazon has quietly built up the world’s largest cloud-services company, called AWS (Amazon Web Services). In terms of income and profit, it’s much bigger than Amazon.com (the division that sells stuff by mail-order).
It’s also much bigger than its rivals, which include Microsoft (MSFT), IBM (IBM), and Google (GOOG, GOOGL); in fact, AWS says that it’s bigger than its next 14 competitors combined.
Most companies don’t like to reveal what cloud-services company they use, but here are a few companies that don’t mind saying that they run on AWS: Hulu, Netflix, Comcast, Spotify, Pinterest, Yelp, Airbnb, Slack, PBS, SmugMug, Hertz, Time, Intuit, Unilever, Zillow, Dow Jones, Morningstar, Under Armour, Kellogg’s, Expedia, Adobe, Philips, GE, Shell, AOL, BMW, Canon, Capital One, IMDb, Johnson & Johnson, Lamborghini, Lyft, McDonald’s, NASA, Novartis, Pfizer, Philips, Samsung, SAP, Sony, SoundCloud, Ticketmaster, and the US Department of State.
For the TV story, I had the rare opportunity to interview an Amazon executive: Dr. Matt Wood. His current title is general manager for artificial intelligence AWS, but he’s been part of AWS from the beginning. (I asked him if the “Dr.” meant medical doctor or PhD doctor. In Wood’s case, both. He started his career as a medical doctor.)
As always happens, though, the time constraints of TV meant that not all of the good stuff from our interview made it into the broadcast. So here, for your reading pleasure, is a more complete edited transcript of my interview with Dr. Wood.
POGUE: Because AWS caters to businesses, not ordinary consumers, most consumers haven’t heard of it. But it’s giant, right?
WOOD: It’s a relatively large business today. We’re a little over $16 billion in revenue run rate [projected income for 2017], and we’re growing at just over 40% a year.
POGUE: So who had the foresight, when AWS started, to say, “You know what could be really a good business for us…?”
WOOD: It actually came out of Amazon retail. The developers inside Amazon retail wanted to be able to move more quickly. They were frustrated about having to write big checks [to buy new server equipment] and wait and wait and wait [for them to be delivered], and do all this extra work to be able to try out their idea.
And so we started to come up with some ideas about how we could make that faster. And so we started to explore an entirely new business for us, selling these services to businesses in the same way as Amazon was consuming them.
POGUE: So all of these companies are hiring AWS to do what?
WOOD: They are able to pull down computational power as if it was a utility.
So let’s say you’re a brewery, right? They don’t want to manage computers. They want to brew beer. They don’t want to be going through the expense and the upfront cost and all the complexity of managing these large amounts of computers.
POGUE: So it sounds like cloud companies like AWS are basically renting computers, storage, power, security—all the stuff that technicians would have normally had to do on site, right?
WOOD: That’s right, yes.
POGUE: Are you also saying there was a time before cloud companies when people did all this stuff in house?
WOOD: Yeah. People often talk about the “heavy lifting” of building web applications or mobile applications. Well, back when I was doing my Ph.D., we were given the task—a group of Ph.D. students—to move a mainframe computer from one room to another.
This thing weighed — it must have been several tons. It took about eight wimpy nerds to try to lift it. We dropped it, and it got stuck in the doorway. (LAUGH) We had to get the university football team to come in and help us move it out of the way before our professors came back and found us!
POGUE: (Laugh) Literal heavy lifting!
WOOD: So it’s not like that today. All I need is an AWS account and a credit card, and I can start trying out new ideas, for pennies.
And larger organizations find the same benefits. And so today, very large organizations such as, you know, GE, Shell, Phillips, Netflix, all run on top of AWS.
POGUE: Really? Netflix?
WOOD: Yes.
POGUE: Wait. Amazon has a very similar business—Amazon Prime Video. Why would Netflix hire its arch-rival to store and serve up its movies?
WOOD: Well, that’s a good question. It’s one that Netflix asked us very early on. (LAUGH) From the very first day of AWS, we set up the company as a separate business. We have a separate management chain; we are situated in a separate building.
We even wanted companies that could potentially compete with Amazon.com—our cousins at retail—to be able to use the same platform. And so to AWS, Amazon.com is just another customer.
POGUE: Is there a downside to the cloud idea? Is there any reason that somebody might shy away from structuring their data this way?
WOOD: The only reason I can really think of is that some companies have already made those very, very large investments in their own data centers. They’ve signed the checks, they’ve done the waiting, they’ve racked and stacked their service. And so they’ve already made that investment.
POGUE: So suppose I’m one of these companies who’s got an existing computer setup, and I want to move to AWS…
WOOD: Yeah. There’s a couple of ways that you can do that. You can just upload it as normal. But sometimes you have so much data [that it would take forever to transmit electronically]. So we built this device–the Snowball.
(He shows me a suitcase-size, gray, plastic-enclosed case.)
POGUE: Snowball, you call it?
WOOD: It’s 100 terabytes of storage. And you just connect this up to your data center, load your data on. And then you just physically ship it back to us, and then we load it into the cloud from our data center.
POGUE: Ship it, like through FedEx or UPS or something—
WOOD: Exactly. You should never underestimate the bandwidth of a FedEx truck. (LAUGH) In fact, right on the front here, you can see that we have an e-ink display—basically, a Kindle—which shows the customer’s address when we ship it out to them. And then as soon as they arrive and plug it in, [the address on that screen changes to show] our data center collection location, and you just ship it back to us.
POGUE: Oh, this—this is a screen, this is not paper—
WOOD: Exactly, yes. Because we didn’t want the shipping labels to come off in transit.
POGUE: So essentially, this is like a giant shippable hard drive. Can you track it?
WOOD: Yeah; it has 3G, Wifi, and also a GPS system.
POGUE: But hard drives are delicate. What if the shipper guy drops it?
WOOD: We built them to be robust and ruggedized. We actually built them to military specifications. We put them on a boat in the middle of a lake and then exploded depth charges around the boat and then made sure they could still work.
POGUE: Can it handle a drop to concrete?
WOOD: Easily, no worries.
POGUE: Like this? (I shoved the Snowball off the table onto the concrete floor, where it just bounced and then lay flat) It’s okay, folks! It doesn’t have a scratch on it. I don’t know about the floor, though.
WOOD: (LAUGHS)
How AWS handles security
POGUE: OK, we gotta talk about security. I imagine you have a huge staff of experts?
WOOD: Yeah. I mean, security really is job zero for us. We take it extremely seriously. It’s the first thing that we think about when we get up in the morning, it’s the last thing we think about when we go to bed.
POGUE: Because “the cloud” actually resides in data centers—huge, unmarked buildings running thousands of servers. And one AWS data center may house the livelihoods of a bunch of companies, all concentrated in one building.
WOOD: Actually, we don’t even store all of the data in one place. We don’t have a single data center. We use groups of data centers. And those groups of data centers are separated by large distances. They’re on separate floodplains and fault lines. We move data automatically between the data centers in those groups. And that means the data is always backed up, not just inside a data center or between data centers, but between groups of data centers in different physical locations.
POGUE: So I don’t mean to give anyone ideas, but let’s say I figured out that one of these unmarked buildings was an AWS data center, and I blew it up. Are you saying that it’s so backed up and redundant that you probably wouldn’t notice?
WOOD: Yeah, you wouldn’t notice. I mean, we might be a bit upset, but you wouldn’t notice.
POGUE: That leads into my other question, which is that 70% of the cloud, 70% of the world’s internet traffic, flows through data centers in Loudoun County, Virginia. Should we be worried about that concentration?
WOOD: No, that data is backed up across multiple different physical locations. And we do that to limit the blast radius. If something does happen, or we have a power event, or there’s a flood in one specific location, that data is held redundantly in other locations, as well. So the cloud just keeps running.
POGUE: How is each physical AWS data center protected?
WOOD: The first thing is that we control personnel extremely tightly. So although I’ve been at Amazon nearly 10 years, I’ve never visited one of our data centers. I’ve never stepped foot inside them. I don’t even know their addresses.
POGUE: Because you’re not allowed to?
WOOD: Because I’m not allowed to, yeah. I don’t have any reason to be there. And a data center’s primary vector of insecurity is physical attacks. So you don’t want people there that don’t need to be there.
Beyond that, obviously we have all of the controls—the concrete, the guards, the bars—to prevent and mediate and evaluate physical access to the security. If you don’t need to be in there, you don’t get in.
POGUE: One of the data center managers told me that one reason we’ve never heard of terrorists attacking a data center is that they’re interested in terror—and that’s attacking people, not things. That a data center is just a bunch of machinery that’s easily repaired and replaced.
WOOD: Easily repaired, easily replaced, and can cause no disruption whatsoever.
POGUE: What about hacks? You know, Equifax, Sony, and other big companies being hacked. Does that have anything to do with the cloud and the way it’s structured?
WOOD: Only in that we provide developers the tools to prevent these sorts of attacks. So you can go in and very quickly protect all of your data. You can encrypt all of your data. And we even provide machine learning tools that evaluate the risk associated with your data.
So we can identify, with customers’ permission, a difference between a webpage, which is OK to deliver, or Social Security numbers and personally identifiable information. And then we continuously monitor for differences in how that data is accessed. And if we find an anomalous access, then we alert both automatic remediation and people, so they can go investigate.
POGUE: Then how do these hacks happen?
WOOD: In a variety of ways. The most common way is social engineering—trying to figure out someone’s password through nefarious processes. So calling up and saying that you are the telephone operator and you’re asking for their password, for example, and then the person just giving it to you. So it’s much more common for those sorts of attacks to be propagated.
David Pogue, tech columnist for Yahoo Finance, is the author of “iPhone: The Missing Manual.” He welcomes nontoxic comments in the comments section below. On the web, he’s davidpogue.com. On Twitter, he’s @pogue. On email, he’s poguester@yahoo.com. You can read all his articles here, or you can sign up to get his columns by email.