AWS Global Infrastructure 2021 Status Report

AWS Global Infrastructure 2021 Status Report by Tim Layton

The AWS Global Cloud Infrastructure currently offers over 200 fully featured services from data centers globally – more than any other public cloud service provider.

AWS Global Infrastructure Map (
AWS Global Infrastructure Map (March 2021)

AWS has been the Gartner Magic Quadrant leader in cloud infrastructure and platform services (IaaS, PaaS) since 2010 and they continue to be double digits ahead of Azure, Google, and all others. Gartner placed AWS highest in both axes of measurement— Ability to Execute and Completeness of Vision— among the top 7 vendors named in the report. You can read Gartner’s full report.

AWS currently offers cloud services in 25 regions, 80 availability zones, 97 direct connect locations, and 230+ points of presence spanning 245 Countries and Territories. No other cloud provider is even close.

This article is not meant to sound like a marketing promotion for AWS. The facts are the facts and for enterprises that need the depth and breadth of cloud services and infrastructure that AWS offers, it is a clear choice for many organizations.

AWS Global Infrastrucutre Stats (

Before reading the report, refer to the AWS Global Infrastructure Terms section below to help define the terms used in Gartner’s report. It is also helpful to understand these basic terms when discussing AWS services with other professionals and business partners.

Get My Free Cloud Security Risk Management Journal

AWS Global Infrastructure Terms

Region: A geographical area with 2 or more AZs, isolated from other AWS regions

Availability Zone (AZ): One or more data centers that are physically separate and isolated from other AZs

Edge Location: A location with a cache of content that can be delivered at low latency to users – used by CloudFront

Regional Edge Cache: Also part of the CloudFront network. These are larger caches that sit between AWS services and Edge Locations

Global Network: Highly available, low-latency private global network interconnecting every data center, AZ, and AWS region

Tim Layton specializes in demystifying the complexities and technical jargon associated with cloud computing security and risk management for business stakeholders across the enterprise. Tim is a cloud security thought leader defining actionable and defensible strategies to help enterprise stakeholders make risk-based decisions and prioritize investments in the new digital frontier.

Stay Connected With Tim Layton



Get My Free Cloud Security Risk Management Journal


Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service. (NIST 800–30)

Threat: potential cause of an unwanted incident, which can result in harm to a system or organization. (ISO 27001)

Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. (NIST 800–30)

Vulnerability: weakness of an asset or control that can be exploited by one or more threats. (ISO 27001)

Likelihood: A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or a set of vulnerabilities. (NIST 800–30)

Likelihood: chance of something happening. (ISO 27001)

Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. (NIST 800–30)

Risk: effect of uncertainty on objectives. (ISO 27001)

Security Controls: The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. (NIST 800–30)

Compensating Security Control: A management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system. (NIST 800–30)

Impact Level: The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability. (NIST 800–30)

Residual Risk: Portion of risk remaining after security measures have been applied. (NIST 800–30)

Security Posture: The security status of an enterprise’s networks, information, and systems based on information assurance resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes. (NIST 800–30)

Get My Free Cloud Security Risk Management Journal

Tim Layton

Tim Layton

Get Tim Layton's Free Cloud Security Journal so you can remain current with the latest cloud security trends and updates. Tim is a cloud security thought leader defining actionable and defensible strategies to help organization's make risk-based decisions and prioritize investments.

Recommended Articles

Leave a Reply

Your email address will not be published.