

Ask HN: AWS for my new Start-up? What about NSA? - girvo

Hi all! I'm in the process of setting up some servers for my brand new start-up, that I'll be letting you all know about in the next week.

Currently, I need a box to set up our launch page, to get some wider feedback on what we're doing (in the Lean Startup style of working). Normally, I'd fire up a VPS and call it a day, but I want to be able to plan for the future.

Our stack is PHP5.4 with Postgres, with a nice Clojure service back-end (that will be split off into its own servers at some point in the future). What I also want to do is spin up a Gitlab server, and an Email/Owncloud/Etherpad/Jabber server for handling our internal documents, communication, etc.

In this case, I think AWS is the way to go: I get to keep all data in Australia (although, I'm worried about the possibility that because it's an American company and my government is too cosy with the USA's, my customers' data is at risk. That said, everything will be encrypted as best as possible: HTTPS for everything, on-disk encryption for the drive, etc.)

The question is: Do I stick to the VPS, and sign up a couple of boxes for: 1) The Actual Server, 2) Gitlab and Internal, or do I spin up a couple of AWS instances?

Why, or why not the latter for what I'm doing?
======
bdfh42
May depend upon what data you are storing - particularly customer data.

From the UK perspective I suspect that any data that might be deemed personal
should not be stored on servers that are outside the UK. The fact that you
know that foreign spies (NSA in the USA, in your instance) might well have
direct access to the data only increases the imperative that one abides by
local data protection laws and minimises the opportunities for 3rd parties to
access the data.

It could be that a lot of "the cloud" is now completely broken for a very wide
range of applications.

~~~
girvo
Agreed, hence the question. We're dealing with people's (volunteered, mind you)
financial data, think something similar to Toshl or Mint.com -- because of
that, I want to make sure it's done right!

Seems like I may have to roll-my-own-cloud after all. VPSes set up within
Australia to make sure that data never leaves our routes in the country... a
pain, but one Beastly server should be able to handle the load we're
expecting, at least on the web-app side.

We've got a bit more leeway with the data-crunching Clojure side I think...

Now, what about Gitlab/Comms software? Is that easy to set up on AWS? How do
startups run their own internal software? On a separate server to their app, I
hope.

------
omarforgotpwd
AWS is nice. You have a lot of control over your infrastructure and you can
control it easily with APIs. The one thing to be careful of with AWS is that
they have a lot of nice services that can be tempting to use but will lock you
into their system. Don't make your application dependent on services like
their messaging queue or NoSQL db, build something that can run in any data
center easily. If you do that, it doesn't really matter where you're hosting.
It's easy to move from cloud to cloud, so there's also no need to
unnecessarily invest yourself in AWS (which is complicated) from the beginning
when a $5 VPS on Digital Ocean might have better performance and be cheaper
anyway. When you're just getting started, do what's easy and focus on your
product. For something simple, AWS, RackSpace and Digital Ocean are all good
options that won't make you sorry. Anecdotally, we started at Rackspace and
have started moving to AWS for their APIs / powerful feature set. We have
servers both places and they're mostly the same, each with their own
strengths.

------
argonaut
I would question why the NSA would be a significant business concern. Do you
actually know with reasonable certainty that there is a tangible (X%
additional customers) business benefit to going out of your way to avoid the
possibility of NSA surveillance?

There certainly are fields where such assurances make business sense. I'm just
not sure it makes sense in your case. I want to make sure you're not
prematurely optimizing.

~~~
girvo
It's handling financial information, so I believe the answer is yes, but would
be glad to be wrong!

------
rpedela
The best advice I can give you is to make your product and business work
first. If no one wants your product, then there is no reason to worry about
the NSA. There is always time to improve or change things to handle concerns
like this.

