GCHQ to Host Classified Material on Amazon Cloud?

Al Gorithum

Original Poster:

4,960 posts

231 months

Wednesday 27th October 2021
https://www.theguardian.com/uk-news/2021/oct/26/am...

We already know that Priti Patel is a wrong un, but WTAF? Can't see any good coming from this. Can you?

mwstewart

8,396 posts

211 months

Wednesday 27th October 2021
AWS itself is certified to store US Department of Defence data, which includes classified data. It's a very secure environment within the boundaries of their service offering and responsibilities. The issues are always with the customer architecture, security, and processes.

In terms of sovereignty, US is an ally so I can't see an issue from a business perspective. The other point relating to sovereignty would be data residency, and AWS has a London region (data centre) which presumably is the location our government would choose.

I think that the Guardian is a little bit uninformed.

buggalugs

9,269 posts

260 months

Wednesday 27th October 2021
Doesn't automatically mean that the most sensitive data will be stored there. Also if it's encrypted before being stored then Jeff Bezos isn't getting hold of anything anyway. There might be an issue of availability - shutting off access for whatever reason might come up in the future.

eharding

14,648 posts

307 months

Wednesday 27th October 2021
mwstewart said:
The other point relating to sovereignty would be data residency, and AWS has a London region (data centre) which presumably is the location our government would choose.
Might cause a bit of chuntering amongst the usual suspects when they find out GCHQ's AWS assets are deployed in something designated "eu-west-2" though.


mwstewart

8,396 posts

211 months

Wednesday 27th October 2021
eharding said:
mwstewart said:
The other point relating to sovereignty would be data residency, and AWS has a London region (data centre) which presumably is the location our government would choose.
Might cause a bit of chuntering amongst the usual suspects when they find out GCHQ's AWS assets are deployed in something designated "eu-west-2" though.
Future headline right there :)

rxe

6,700 posts

126 months

Wednesday 27th October 2021
mwstewart said:
AWS itself is certified to store US Department of Defence data, which includes classified data. It's a very secure environment within the boundaries of their service offering and responsibilities. The issues are always with the customer architecture, security, and processes.

In terms of sovereignty, US is an ally so I can't see an issue from a business perspective. The other point relating to sovereignty would be data residency, and AWS has a London region (data centre) which presumably is the location our government would choose.

I think that the Guardian is a little bit uninformed.
I’d trust AWS infrastructure security over something home rolled any day, both from a basic security perspective and availability. Clearly over the top of whatever data centre you use, you can overlay poor practice, so that bit is irrelevant. I’m working in CNI right now (clearly not on the machine I’m using to type this…..), and trust me, AWS would be safer, cheaper and easier.

bigandclever

14,215 posts

261 months

Wednesday 27th October 2021
I suppose they could've used a UK cloud company with similar scale and performance and whatnot, apart from the obvious that there aren't any.

Byker28i

84,470 posts

240 months

Wednesday 27th October 2021
mwstewart said:
and AWS has a London region (data centre) which presumably is the location our government would choose.
Yate, Chipping Sodbury, Bristol...probably

Byker28i

84,470 posts

240 months

Wednesday 27th October 2021
bigandclever said:
I suppose they could've used a UK cloud company with similar scale and performance and whatnot, apart from the obvious that there aren't any.
There are - crown hosting for one

arfur

4,009 posts

237 months

Wednesday 27th October 2021
Byker28i said:
bigandclever said:
I suppose they could've used a UK cloud company with similar scale and performance and whatnot, apart from the obvious that there aren't any.
There are - crown hosting for one
If you are referring to stuff near MK? Been there, done that - useless, utterly useless

rxe

6,700 posts

126 months

Wednesday 27th October 2021
Byker28i said:
There are - crown hosting for one
Crown Hosting != AWS. :-)


arfur

4,009 posts

237 months

Wednesday 27th October 2021
rxe said:
Byker28i said:
There are - crown hosting for one
Crown Hosting != AWS. :-)
Not in the same league ... still just tin/string in some sites

The only reason some Govt depts use them is that there is no VAT (if not reclaimable). They usually regret it eventually

h0b0

8,896 posts

219 months

Wednesday 27th October 2021
arfur said:
rxe said:
Byker28i said:
There are - crown hosting for one
Crown Hosting != AWS. :-)
Not in the same league ... still just tin/string in some sites

The only reason some Govt depts use them is that there is no VAT (if not reclaimable). They usually regret it eventually
Crown hosting is not a cloud vendor. The UK Government use them as a colo and specifically because they are not cloud.

here it is from the horse's mouth

bigandclever

14,215 posts

261 months

Wednesday 27th October 2021
Byker28i said:
bigandclever said:
I suppose they could've used a UK cloud company with similar scale and performance and whatnot, apart from the obvious that there aren't any.
There are - crown hosting for one
Yeah ... no :)

AngryPartsBloke

1,439 posts

174 months

Wednesday 27th October 2021
Al Gorithum said:
https://www.theguardian.com/uk-news/2021/oct/26/am...

We already know that Priti Patel is a wrong un, but WTAF? Can't see any good coming from this. Can you?
What is the actual issue or concern you have using AWS?

h0b0

8,896 posts

219 months

Wednesday 27th October 2021
h0b0 said:
arfur said:
rxe said:
Byker28i said:
There are - crown hosting for one
Crown Hosting != AWS. :-)
Not in the same league ... still just tin/string in some sites

The only reason some Govt depts use them is that there is no VAT (if not reclaimable). They usually regret it eventually
Crown hosting is not a cloud vendor. The UK Government use them as a colo and specifically because they are not cloud.

here it is from the horse's mouth
I am starting to wonder if I just earned a whoosh parrot.

Full transparency, I am in the cloud industry....

I hear many times people saying "Cloud is someone else's data center". That is a misconception which can be propagated by people using GCP/AWS as a colo. The cloud vendors see people exhibiting this behaviour as a failure and try to assist them in using the advantages of cloud and not just checking a box. This is not due to the cloud vendors being evil, (they may still be evil but not for this reason) it is because anyone using a cloud vendor as a colo is going to complain loudly and not save much money.




Al Gorithum

Original Poster:

4,960 posts

231 months

Wednesday 27th October 2021
AngryPartsBloke said:
What is the actual issue or concern you have using AWS?
I don't know anything about IT except for being able to turn a PC on and off, so to me it seemed like a very strange thing - especially with Patel being involved.

From the comments of my learned-chums here, it seems I'm wrong. I hope!

arfur

4,009 posts

237 months

Wednesday 27th October 2021
Al Gorithum said:
AngryPartsBloke said:
What is the actual issue or concern you have using AWS?
I don't know anything about IT except for being able to turn a PC on and off, so to me it seemed like a very strange thing - especially with Patel being involved.

From the comments of my learned-chums here, it seems I'm wrong. I hope!
AWS are the flavour of the month/year/decade right now in Central Govt - many many old services are being modernised and moved/refactored/redesigned etc over into AWS clouds. As mentioned earlier in the thread AWS are already there in DoD world and even competing (again) with MS for Pentagon stuff.

As I work a lot with AWS I may have a biased view, but I'd trust them way above any Cab Office Govt provided services or localised colo on prem stuff that lurks around C LDN and under the flight path for LHR. A lot of that is moving too ... again to AWS. The previous flavour of the 1/2 decade was UKCloud, but that's now going by the wayside and a lot of exiting is currently in flight.

Al Gorithum

Original Poster:

4,960 posts

231 months

Wednesday 27th October 2021
arfur said:
Al Gorithum said:
AngryPartsBloke said:
What is the actual issue or concern you have using AWS?
I don't know anything about IT except for being able to turn a PC on and off, so to me it seemed like a very strange thing - especially with Patel being involved.

From the comments of my learned-chums here, it seems I'm wrong. I hope!
AWS are the flavour of the month/year/decade right now in Central Govt - many many old services are being modernised and moved/refactored/redesigned etc over into AWS clouds. As mentioned earlier in the thread AWS are already there in DoD world and even competing (again) with MS for Pentagon stuff.

As I work a lot with AWS I may have a biased view, but I'd trust them way above any Cab Office Govt provided services or localised colo on prem stuff that lurks around C LDN and under the flight path for LHR. A lot of that is moving too ... again to AWS. The previous flavour of the 1/2 decade was UKCloud, but that's now going by the wayside and a lot of exiting is currently in flight.
Thanks Arfur. I appreciate you taking the time to explain.

h0b0

8,896 posts

219 months

Wednesday 27th October 2021
It is worth saying again that any risk to data will still be held by the developers at GCHQ. AWS etc protect the infra layer but not the application layer. If someone leaves a big hole in their app then there is nothing AWS can do about it.