With Russia's invasion of Ukraine in February last year, one of the biggest concerns of Volodymyr Zelensky's government was focused on an area in which Russians have a lot of muscle: hackers. Because of this, the invaded country activated a series of protocols, but above all the backup of all state data and the migration of systems.
The protection of information is a critical asset, since everything can be a target for a physical attack on servers, but also for cyberattacks: from the personal data of citizens to tax information, through the systems that support hospitals, universities and agencies that depend on the State.
In this context, Ukraine used tools from Amazon Web Services (AWS), Amazon's cloud computing division, to back up more than 15 petabytes (15 million gigabytes) of essential data from 50 Ukrainian government authorities, 24 Ukrainian universities, and private sector companies.
And they did it, surprisingly, in 24 hours and with a "two-pizza team", a golden rule of Jeff Bezos, founder of Amazon: teams that include a number of people who can be fed only two pizzas (for their policy of making few meetings and keeping them short). That is, less than 4 people.
Liam Maxwell, Director of Government Transformation at Amazon Web Services and a personality who has experience in the public sector, was in charge of supporting the Ukrainian technical teams: he worked as CTO (chief technology officer) of the British government during the management of David Cameron (2010-2016).
And this was done by taking all that information to the famous "cloud": Ukraine used a third-party infrastructure, in this case, AWS servers (computers), programs and applications, to secure the entire online system of the state.
In a one-on-one talk with Clarín at the AWS Summit, an annual event held in Washington to connect to the cloud with customers, sponsors and journalists, Maxwell told the details of this backup and migration process that successfully guaranteed the proper functioning of the public administration and critical entities dependent on the Ukrainian State.
The war has been going on for more than a year. Photo EFE
─Your first big cloud migration experience was in the UK Government. Why did you make this decision in Cameron's management?
"Our main problem wasn't that we were spending too much money, but that we were spending too much time redoing things. We lacked the agility, capacity, and speed that you get with the cloud. However, this was not the main reason for migrating: it was computer security.
─Why? What was the system like before?
─Because in the old management we had many situations in which we did not know as a government what systems were updated, what security flaws were patched, how the systems were assembled, who supervised people and processes, who was really in charge of each of the things. The most important thing was to get us to a place where every step we took increased our overall security, and that traceability could be given to us by the cloud.
─Which cloud did Britain use and what security advantages did the cloud give them?
"In our case we took everything to Dublin, Ireland, because the UK didn't have the infrastructure. And that was fine, because actually the security model implies that it doesn't really matter where the data is: I can choose to put my data wherever I want. The important thing is where the keys are and I had control of the keys. Because of the speed with which we could access the data in the cloud we were able to build all the subsequent services that were used in the State.
The case of migration from Ukraine
Liam Maxwell, Director of Government Transformation at Amazon Web Services. AWS Photo
Working with a country with nearly 44 million people required a lot of coordination between official teams and AWS. They used devices called AWS Snowball or AWS Snowball Edge, a service that provides secure and resilient devices to bring AWS storage and applications into environments without connectivity.
"Support also included protecting digital infrastructure by migrating more than 160 critical government workloads through technical support and local account teams and solution architects to support disaster recovery efforts," Maxwell said.
As an example, as the war unfolded, Ukraine's largest private bank, PrivatBank, which serves 40% of the Ukrainian population, moved all its operations to the cloud.
"The bank's technical team worked with AWS to securely migrate 270 applications and 4 petabytes of customer data residing on 3500 Ukrainian servers, in less than 45 days," they say from the Amazon cloud.
─When transitioning data to the cloud, what did you encounter in Ukraine?
─With brilliant technological equipment from Ukraine, which made it much easier to find data, where it was and how to find it. That helped a lot in the fluidity of the process.
─Where did you start?
"We sat down and said, 'What are the first records to take to make sure you're in a safe place?' How do you help keep the system running? And how to export it? And clearly the first thing was to make backups of the information.
─And what information did they backup?
─The first thing we supported was the registration of the population. The second, the land registry. The third thing, the tax system, to know where the money was. Fourth, the criminal record, because you need to know who a criminal is. Fifth? Health, education and welfare. Now all those records have to be able to enter and exit, and also the applications that the Government runs on an application called DIIA, which each citizen accesses and allows him to "be" an online citizen.
─What did you use to make these backups?
─Our Snowballs, which are data transport devices, but they are also state-of-the-art computing devices, so they allow you to run services even if you are offline, but they are the size of a portfolio but handle up to 90 TB of information. The Ukrainians loaded the data into these snowballs and took it in vans to airports so they could take that information to the cloud, outside the country.
AWS Snowball, the edge computing devices used for migration. AWS Photo
─How long did the entire backup process take?
"Well a whole snowball can be filled in a day, give or take, and we had several at once, so it didn't take much more than that. The migration of systems is different: PrivatBank, a critical institution that handles almost half of the country's money, brought 250 applications and 4 PB of data to the cloud in about 45 days. The same with the registration of people: Ukraine is the largest country in Europe, with almost 48 million inhabitants.
─And how many people from AWS worked on the project?
─AWS assigned a small full-time team, a "two-pizza team", as Bezos says [about 4 people]. In addition, there were about 400 external volunteers. But at the end of the day in one day we had the information backed up and, after three or four months, we calculated that we had done more than 15 petabytes of data throughout the government with 24 ministries, 24 universities and 50 government authorities migrated.
─And what did that data gain from being now in the cloud, at the security level?
"Well, if you move to the cloud, you make sure that you encrypt everything everywhere, you make sure that everyone has the systems up to date and that you've followed the review especially around security. At the end of the day, it's where you get the most control.