Breaches of Trust From Amazon & Sony

Andy Patrizio, Technology Journalist | 5/2/2011 | 13 comments

Confidence in cloud services took a severe one-two punch last week with the lengthy downtime of Amazon Web Services' Elastic Compute Cloud and the breach of Sony's PlayStation Network, in which 77 million accounts were stolen. Last year I noted that more than half of IT pros surveyed felt cloud services weren't secure enough to trust. Well, the events of the past week won't help.

A brief recap: Amazon Web Services went down on April 21 and took dozens of sites with it, including social network Foursquare, news aggregator Reddit, and question-and-answer site Quora. The error was eventually traced to a network failure that caused problems with Elastic Block Storage, an Amazon storage service that's similar to a disk array for a standard datacenter. Some sites were offline for days as Amazon struggled with the outage, and some data was permanently lost.

In the PlayStation Network case, Sony discovered two weeks ago that PSN and Qriocity, a streaming service similar to Netflix, had been hacked. For the sake of security, it shut both services down completely until it could revise the network to make it more secure. It's still down as of this writing.

In both cases, it wasn't the disruption or breach itself that hurt the companies; it was the handling of the problems.

Amazon was painfully slow to alert its users of the outage and repeatedly failed to make timely updates on the status of the service. Cloud management provider RightScale summed up Amazon's failings in its own blog post, and there were a lot -- starting with no blog updates from Amazon Web Services for four days. What we had there was a failure to communicate.

Sony messed up even worse. It took down PSN and Qriocity on April 20 but didn't admit that personal information, including credit card information, was possibly accessed until April 25. Finally, on April 26, the company said on its blog that credit card info was encrypted, but personal data (name, address) was not.

So a lot of people are canceling credit cards now as a precaution, and the Xbox stands to gain a whole ton of sales.

The lawsuits are going to pile up over these outages, and Sony could be in real trouble if a 77-million-person class action suit is brought against it. But this is the time for cooler heads to prevail. If there is one thing I detest in what passes for political discourse it's the habit of both sides to define their opponents by the worst among them and make them the rule, not the exception. So let's not do it here.

  • Don't abandon Elastic Compute Cloud. Are we forgetting that Amazon started out selling books, and has done a better job with a cloud service than most of the companies with the expertise in this area? Amazon has done a better job than any other cloud service provider, which is reflected in just how many major, important services were taken down. Amazon was subjected to DDoS attacks for kicking Wikileaks off the EC2 service, and it withstood those hackers.
  • Do diversify. Your 401k doesn't consist of one stock or mutual fund, does it? EC2 sites that stayed up, like SmugMug and Twilio, didn't use Elastic Block Storage, and Netflix only used some of EBS for storage. It split the storage service with other providers. Don't put all your eggs with one provider if you can help it. Amazon is not the only infrastructure-as-a-service provider. There's Microsoft, CSC, and more.
  • Check that SLA. Amazon's SLA does promise 99.95 percent uptime, and given that AWS has been around since 2006, it's had a pretty good track record. Again, this is one screw-up in five years. That said, make sure any cloud provider has some teeth behind its SLA. CSC likes to note that its SLAs have penalties if they ever screw up as badly as Amazon did.
  • Pick up the phone, send some emails, make some noise. People sat around waiting to hear from Amazon. If the provider messes up, take initiative and contact them.
  • As for Sony, I don't know what to say about that company anymore. Its string of failures just grows daily, and it's hard to believe Sony was the model on which Steve Jobs based Apple. Waiting five days to inform people that their credit cards might have been compromised is just inexcusable.

We learn from our mistakes. The fact is, Amazon hasn't had that many to learn from. But let's hope it learned well from this outage, and let's learn a few lessons ourselves. The first should be to not depend entirely on one provider. You wouldn't get all of your IT equipment from one vendor, would you? The same should apply to IaaS services.

Zaius   Breaches of Trust From Amazon & Sony   5/3/2011 4:52:29 PM
Re: Re : Breaches of Trust From Amazon & Sony
I have already commented before in this blog:

http://www.enterpriseefficiency.com/messages.asp?piddl_msgthreadid=238014&piddl_msgid=375996#msg_375996sg_375996 Still

It is very early for the big companies to place so much confidence in cloud computing...

As Technocrat said, cloud computing is in its infancy, and it needs to keep developing a great deal to reach 100% safety.

 
Technocrat   Breaches of Trust From Amazon & Sony   5/3/2011 3:25:21 PM
Re: Re : Breaches of Trust From Amazon & Sony

Interesting post. Cloud computing is still in its infancy as it relates to regulation and how outcomes like those mentioned in the article are handled.

There are cloud hosts that have been around for a good amount of time, but what happens when the cloud provider goes out of business? What happens to your data then? Will an SLA be enough then?

Anand   Breaches of Trust From Amazon & Sony   5/3/2011 11:42:22 AM
Re : Breaches of Trust From Amazon & Sony
"Some sites were offline for days as Amazon struggled with the outage, and some data was permanently lost."

Losing data permanently is a really hard thing for companies. What other options do companies have to protect their data?


 
nimanthad   Breaches of Trust From Amazon & Sony   5/3/2011 2:20:54 AM
Re: Paradox
Well true enough, but cloud needs some more time to recover. It has gone through many phases and right now it needs a good investor to back it and overcome all the loopholes.
vnewman   Breaches of Trust From Amazon & Sony   5/3/2011 1:02:28 AM
Re: At least Sony's trying.
"You wouldn't get all of your IT equipment from one vendor, would you?"

Well.......

Actually we do.  And we do it because said vendor goes above and beyond for us and promises the moon and stars - we haven't been able to get the same level of attention anywhere else.  If our IT Director calls them at 3am and says he needs something by 5am - it happens.

So, I can kind of see why people would fall under Amazon's spell and put all their eggs in one basket.
Joe Stanganelli   Breaches of Trust From Amazon & Sony   5/3/2011 12:20:39 AM
At least Sony's trying.
To be fair, I'm unaware of any evidence that Sony did not let its customers know about the personal data breach as soon as it had learned of it and was able to.

This kind of crisis does take some time to handle; it has to go both through the legal department (to determine what information legally must be told to customers, what information should be told to customers to help reduce liability, and in what ways it can/cannot be said) and through CRM and/or PR.

Could Sony have handled it better once they found out about the personal data breach from a PR standpoint?  Sure.  But crisis communications are always difficult.  I'm not ready to say that Sony's behavior was egregious.

Amazon's, on the other hand, has been abominable -- between the lack of communication, and the poor quality of what little communication there has been (not even greeting clients with a "Dear valued customer," but instead a fairly empty "Hello").

The sad thing is that Sony's business may take the biggest hit (personal data breaches are always bad news), whereas cloud-happy tech-hipsters and the C-levels they evangelize to may be happy to forgive Amazon because, "Hey, everybody has outages/data losses from time to time!  The cloud is still OMG AWESOME! Let's get rid of our local storage entirely and give Amazon more money!"
Rowan   Breaches of Trust From Amazon & Sony   5/2/2011 11:58:47 PM
Paradox
This here is the essential appeal as well as the most likely failure of the Cloud - it makes things so easy that its failure seems both impossible and disastrous. I've been wary of the Cloud since I heard about it, yet there I am, downloading all my games from Steam. It's just so easy! And if it ever fails, well, there will be no strictly legal way for me to recover those games.
David Wagner   Breaches of Trust From Amazon & Sony   5/2/2011 3:35:20 PM
Re: data / identity theft issue
@Fowler- regulation is still iffy on issues regarding data breach in the cloud. But I believe the onus falls on the company storing the data, not the cloud provider, to keep that data safe and to notify the users. Presumably, a good SLA will cover breach notification from the provider to the client, but I suppose there can be loopholes.
fowler   Breaches of Trust From Amazon & Sony   5/2/2011 1:30:05 PM
data / identity theft issue
Looking back over this, the identity theft issue starts to bother me more.

Protection of consumer data has been pretty dismal. As I recall, the rule is that if a company knows that their customer's data has been stolen, they need to inform them.

If the data breach happens in the cloud, are hosting providers required to inform their customers? This is B to B, not B to C and they may not know that consumer data was lost. If not, companies may find moving their data to the cloud reduces their liability to consumers re: data theft.

loophole?
batye   Breaches of Trust From Amazon & Sony   5/2/2011 1:19:26 PM
Re: Putting your faith in the cloud and getting your heart broken
Agree, with time we would see more problems coming to light...


The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
