With commodity computing power rented on a pay-as-you-go basis, you get what you pay for and you pay for what you get: an unsecured cloud, prone to performance issues and surprisingly not as cheap as you expect it to be.
AWS only makes available a small sliver of information concerning the hardware that your applications are running on.
As a result, it's nearly impossible to know what is 'running under the hood' or which specific servers, storage drives and networking components are processing your data and powering your applications.
AWS operates dozens and dozens of data centers across the world in multiple availability zones. There's no way to guarantee where your data may or may not reside.
For highly regulated (or even non-regulated but highly conscious) industries where security and compliance are paramount, what are you going to tell your customers about the whereabouts of their sensitive and private data?
EC2 instance types and other AWS services offer guarantees for resource capacity such as compute, memory and disk size. You can even pay extra for 'reserved instances' to buffer your performance (this is another issue, as many customers end up paying for reserves that they don't really need, adding unneeded expenses that quickly add up).
Because of multi-tenancy, AWS offers few guarantees of performance. While you may have the raw capacity promised, these resources may not be running at the performance levels you desire. The culprit is network latency, and it won't change no matter how many EC2 instances you 'throw at the problem'.
AWS will alert you when instances must be moved around because of maintenance on the underlying hardware. This requires your administrator to stop and relocate the EC2 instance somewhere else.
Administrators running applications on AWS must treat the cloud infrastructure with the same attentiveness as if it were their own on-premises hardware and follow any communications sent by AWS, or risk being affected by maintenance activities.
|Enterprise-Class Capabilities with Disaster Recovery Fully Built-In|
|Vendor Lock-In (Use of Proprietary Tools)||NO||YES|
|Industrial Strength Security - DoS, Dual Factor Authentication, Network Security|
|Compliance-Ready (Auditing, Reporting) for HIPAA, PCI DSS|
|Hybrid-Capable (Ability to Create Hybrid Clouds with your Infrastructure)|
|Application Management Support and Services|
|Multiple HyperVisor Support including VMware for Hybridization and Faster Time to Production|