If you think of Amazon.com (Nasdaq: AMZN) as nothing but an online retailer, think again. The house that Jeff Bezos built is very serious about treating its computing services like a real business.
The latest sign of that is this morning's announcement that the EC2 and Virtual Private Cloud cloud-computing services, along with the S3 cloud storage platform, have achieved the ISO 27001 security certification. The less stringent SAS70 certification has been in place for more than a year, and that's still all the cloud security endorsement fellow e-services provider Google (Nasdaq: GOOG) can provide for its customers. Microsoft (Nasdaq: MSFT) does have the ISO stamp on its Azure cloud platform, and it's not shy about bragging about that.
One common objection against cloud services is that no IT manager in his or her right mind would outsource proprietary and sensitive data to a third-party service such as Amazon EC2 or a server in some nameless Google data center. These certifications are designed to ameliorate that concern, by showing that the companies have a lasting commitment to privacy and data security. ISO 27001 certification is a lengthy three-step process at the hands of an approved auditor -- Ernst & Young's CertifyPoint service, in Amazon's case, which makes sense given that E&Y also audits Amazon's financial health.
Neither Amazon nor its rivals would go through these costly and sometimes painful proceedings without a carrot at the end of the stick, of course. "I can tell you that we'll continue to pursue certifications that are important to larger customers and customers in the federal space," Amazon's PR handler Kay Kinton tells me. It's worth the cost and inconvenience to get certified if it helps you land a few fat corporate customer accounts.
And it looks like Amazon's trust-building efforts are working. I mean, Netflix (Nasdaq: NFLX) wouldn't entrust its crucial web presence to Amazon's cloud unless the company trusted its sometime-rival implicitly. Perhaps the knowledge that Amazon was working on its ISO 27001 diploma helped tip the tables in Amazon's favor over, say, Rackspace Hosting (NYSE: RAX) which can only boast the SAS70 stamp of security approval. Not every industry certification can be wielded like a weapon, but this one could be a serious competitive advantage when you're reaching out to industry rivals or big government agencies.
When will Amazon's computing services become large enough to merit breaking its numbers out in quarterly reports? And when will e-tailing operations become a sideshow to Amazon's new core business? Think I'm jumping to crazy conclusions? Laugh all you want, but do it in public -- the comments box is waiting below for your jokes.
