Breaches of Trust From Amazon & Sony

Andy Patrizio, Technology Journalist | 5/2/2011 | 13 comments

Andy Patrizio
Confidence in cloud services took a severe one-two punch last week with the lengthy downtime of Amazon Web Services' Elastic Compute Cloud and the breach of Sony's PlayStation Network, in which 77 million accounts were stolen. Last year I noted that more than half of IT pros surveyed felt cloud services weren't secure enough to trust. Well, the events of the past week won't help.

A brief recap: Amazon Web Services went down on April 21 and took dozens of sites with it, including social network Foursquare, news aggregator Reddit, and question-and-answer site Quora. The error was eventually traced to a network failure that caused problems with Elastic Block Storage, an Amazon storage service that's similar to a disk array for a standard datacenter. Some sites were offline for days as Amazon struggled with the outage, and some data was permanently lost.

In the PlayStation Network case, Sony discovered two weeks ago that PSN and Qriocity, a streaming service similar to Netflix, had been hacked. For the sake of security, it shut both services down completely until it could revise the network to make it more secure. It's still down as of this writing.

In both cases, it wasn't the disruption or breach, it was the handling of the problems that hurt the companies.

Amazon was painfully slow to alert its users of the outage and repeatedly failed to make timely updates on the status of the service. Cloud management provider RightScale summed up Amazon's failings in its own blog post, and there were a lot -- starting with no blog updates from Amazon Web Services for four days. What we had there was a failure to communicate.

Sony messed up even worse. It took down PSN and Qriocity on April 20 but didn't admit that personal information, including credit card information, was possibly accessed until April 25. Finally, on April 26, the company said on its blog that credit card info was encrypted, but personal data (name, address) was not.

So a lot of people are canceling credit cards now as a precaution, and the Xbox stands to gain a whole ton of sales.

The lawsuits are going to pile up over these outages, and Sony could be in real trouble if a 77-million-person class action suit is brought against it. But this is the time for cooler heads to prevail. If there is one thing I detest in what passes for political discourse it's the habit of both sides to define their opponents by the worst among them and make them the rule, not the exception. So let's not do it here.

  • Don't abandon Elastic Compute Cloud. Are we forgetting that Amazon started out selling books, and has done a better job with a cloud service than most of the companies with the expertise in this area? Amazon has done a better job than any other cloud service provider, which is reflected in just how many major, important services were taken down. Amazon was subjected to DDoS attacks for kicking Wikileaks off the EC2 service, and it withstood those hackers.
  • Do diversify. Your 401k doesn't consist of one stock or mutual fund, does it? EC2 sites that stayed up, like SmugMug and Twilo, didn't use Elastic Block Storage, and Netflix only used some of EBS for storage. It split the storage service with other providers. Don't put all your eggs with one provider if you can help it. Amazon is not the only infrastructure-as-a-service provider. There's Microsoft, CSC, and more.
  • Check that SLA. Amazon's SLA does promise 99.95 percent uptime, and given that AWS has been around since 2006, it's had a pretty good track record. Again, this is one screw-up in five years. That said, make sure any cloud provider has some teeth behind its SLA. CSC likes to note that its SLAs have penalties if they ever screw up as badly as Amazon did.
  • Pick up the phone, send some emails, make some noise. People sat around waiting to hear from Amazon. If the provider messes up, take initiative and contact them.
  • As for Sony, I don't know what to say about that company anymore. Its string of failures just grows daily, and it's hard to believe Sony was the model on which Steve Jobs based Apple. Waiting five days to inform people that their credit cards might have been compromised is just inexcusable.

We learn from our mistakes. The fact is, Amazon hasn't had that many to learn from. But let's hope it learned well from this outage, and let's learn a few lessons ourselves. The first should be to not depend entirely on one provider. You wouldn't get all of your IT equipment from one vendor, would you? The same should apply to IaaS services.
View Comments: Newest First | Oldest First | Threaded View
Page 1 / 2   >   >>
Zaius   Breaches of Trust From Amazon & Sony   5/3/2011 4:52:29 PM
Re: Re : Breaches of Trust From Amazon & Sony
I have already commented before in this blog:

http://www.enterpriseefficiency.com/messages.asp?piddl_msgthreadid=238014&piddl_msgid=375996#msg_375996sg_375996 Still

It is very early in order that the big companies deposit so many confidences in cloud computing...

As he said technocrat, newly cloud computing this one in his infancy and it is necessary that continues developing it very much to obtain 100 % of safety in.

 
Technocrat   Breaches of Trust From Amazon & Sony   5/3/2011 3:25:21 PM
Re: Re : Breaches of Trust From Amazon & Sony

Interesting post, Cloud computing is still in it's infancy as it relates to regulation and how outcomes like those mention in the article are handled.

 

There are cloud hosts that have been around for a good amount of time but what happens when the cloud provider goes out of business? What happens to your data then?  Will a SLA be enough then?

Anand   Breaches of Trust From Amazon & Sony   5/3/2011 11:42:22 AM
Re : Breaches of Trust From Amazon & Sony
"Some sites were offline for days as Amazon struggled with the outage, and some data was permanently lost."

Loosing data permanently is really hard thing for companies. What other options does companies have to protect their data ?


 
nimanthad   Breaches of Trust From Amazon & Sony   5/3/2011 2:20:54 AM
Re: Paradox
Well true enough, but cloud needs some more time to recover. It has gone through many phases and right now it needs a good investor to back it and overcome all the loopholes.
vnewman   Breaches of Trust From Amazon & Sony   5/3/2011 1:02:28 AM
Re: At least Sony's trying.
"You wouldn't get all of your IT equipment from one vendor, would you?

Well.......

Actually we do.  And we do it because said vendor goes above and beyond for us and promises the moon and stars - we haven't been able to get the same level of attention anywhere else.  If our IT Director calls them at 3am and says he needs something by 5am - it happens.

So, I can kind of see why people would fall under Amazon's spell and put all their eggs in one basket.
Joe Stanganelli   Breaches of Trust From Amazon & Sony   5/3/2011 12:20:39 AM
At least Sony's trying.
To be fair, I'm unaware of any evidence that Sony did not let its customers know about the personal data breach as soon as it had learned of it and was able to.

This kind of crisis does take some time to handle; it has to go both through the legal department (to determine what information legally must be told to customers, what information should be told to customers to help reduce liability, and in what ways in can/cannot be said) and through CRM and/or PR.

Could Sony have handled it better once they found out about the personal data breach from a PR standpoint?  Sure.  But crisis communications are always difficult.  I'm not ready to say that Sony's behavior was egregious.

Amazon's, on the other hand, has been abominable -- between the lack of communication, and the poor quality of what little communication there has been (not even greeting clients with a "Dear valued customer," but instead a fairly empty "Hello").

The sad thing is that Sony's business may take the biggest hit (personal data breaches are always bad news), whereas cloud-happy tech-hipsters and they C-levels they evangelize to may be happy to forgive Amazon because, "Hey, everybody has outages/data losses from time to time!  The cloud is still OMG AWESOME! Let's get rid of our local storage entirely and give Amazon more money!"
Rowan   Breaches of Trust From Amazon & Sony   5/2/2011 11:58:47 PM
Paradox
This here is the essential appeal as well as the most likely failure of the Cloud - it makes things so easy that its failure seems both impossible and disastrous. I've been wary of the Cloud since I heard about it, yet there I am, downloading all my games from Steam. It's just so easy! And if it ever fails, well, there will be no strictly legal way for me to recover those games.
David Wagner   Breaches of Trust From Amazon & Sony   5/2/2011 3:35:20 PM
Re: data / identity theft issue
@Fowler- regulation is still iffy on issues regarding data breach in the cloud. But I believe the onus falls on the company storing the data, not the cloud provider, to keep that data safe and to notify the users. Presumably, a good SLA will cover breach notification from the provider to the client, but I susppose there can be loopholes.
fowler   Breaches of Trust From Amazon & Sony   5/2/2011 1:30:05 PM
data / identity theft issue
Looking back over this, the identity theft issue starts to bother me more.

Protection of consumer data has been pretty dismal. As I recall, the rule is that if a company knows that their customer's data has been stolen, they need to inform them.

If the data breach happens in the cloud, are hosting providers required to inform their customers? This is B to B, not B to C and they may not know that consumer data was lost. If not, companies may find moving their data to the cloud reduces their liability to consumers re: data theft.

loophole?
batye   Breaches of Trust From Amazon & Sony   5/2/2011 1:19:26 PM
Re: Putting your faith in the cloud and getting your heart broken
agree with time we would see more problems comming to light...
Page 1 / 2   >   >>


The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
More Blogs from Andy Patrizio
Andy Patrizio   3/13/2013   19 comments
The mushrooming datacenter industry in America is being painted as a villain in power consumption and pollution, but a study by Stanford computer science professor Jonathan Koomey found ...
Andy Patrizio   6/22/2012   49 comments
In the space of a week in early June, we learned about significant password breaches at LinkedIn, Last.fm, and eHarmony. In the weeks preceding that, we had a few other biggies, like a ...
Andy Patrizio   6/13/2012   9 comments
This past May, Microsoft finally killed off the Windows Live brand, the umbrella term it used for its online apps that required and used an Internet connection, as well as the Azure brand ...
Andy Patrizio   6/7/2012   8 comments
Developers have been wondering for several months now, especially since the Build conference, if Silverlight has reached the end of the road. Microsoft's answer to Flash is not as popular, ...
Andy Patrizio   6/5/2012   19 comments
In the past year, smartphone battery life has taken on a renewed concern, due to the increasing complexity of phones, the use of dual- and quad-core processors, and the advent of LTE ...
Latest Archived Broadcast
Data visualization can make complex data easier to grasp. Our expert guest will talk about the hows, whys, and whats of bringing the big picture to your enterprise.
May 28th 2pm EDT Tuesday
On-demand Video with Chat
NBA CIO Michael Gliedman will tell us why the NBA decided to create NBA.com/stats
6/18/2013 -   Please join us for the "IT Convergence Strategies: Why, When and How " to learn more about: • 5 truths about infrastructure convergence today that go beyond the hype • How to exploit the 4 phases of convergence maximum efficiency and agility • Key milestones to plan for on the convergence journey • Why integrated management is a critical component of convergence plans • The importance of an open, modular approach, such as Dell’s active infrastructure, to building a converged data center
E2 IT Migration Zones
IT Migration Zone - UK
Application Audits Simplify Migration
Hardware Refresh Cycles Are Outdated
Office 365 Finds Fans
IT Migration Zone - FR
Windows Blue attendu en juin
Comment profiter d’une nouvelle expérience User Virtualization
S’équiper ou non d’un logiciel anti-virus ?
IT Migration Zone - DE
Leap Motion zeigt Gestensteuerung für Windows 8
Microsofts Surface Pro kommt nach Deutschland
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Dell IT Insights
Dell Market Response Twitter Feed
E2 Linked-in Group Ad
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
moderators@enterpriseefficiency.com
Dell's Efficiency Modeling Tool
The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise.
Read the full report
The State of Enterprise Efficiency in the Virtual Era: Virtualization – Smart Approaches to Maximize Gains
Virtualization is a presence in nearly all enterprise data centers. But not all companies are using it to its best effect. Learn the common characteristics of success, what barriers companies face, and how to get the most from your efforts.
Read the full report
Informed CIO: Dollars & Sense: Virtual Desktop Infrastructure
Cut through the VDI hype and get the full picture -- including ROI and the impact on your Data Center -- to make an informed decision about your virtual desktop infrastructure deployments.
Read the full report
SPONSORED BY DELL
BRIEFINGS
CASE STUDIES
EBOOKS
PUBLIC SECTOR RESOURCES
VIDEOS
WHITE PAPERS
A Video Case Study – Translational Genomics Research Institute
e2 Video
On the Case
TGen IT: Where We're Going Next
7|11|12   |   08:12   |   10 comments

Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications
6|6|12   |   02:24   |   12 comments

The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now
5|15|12   |   06:58   |   5 comments

TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were
4|27|12   |   06:45   |   10 comments

The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster
4|18|12   |   02:27   |   12 comments

Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival
4|17|12   |   02:12   |   8 comments

IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud
4|10|12   |   1:25   |   5 comments

TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission
4|9|12   |   2:25   |   3 comments

TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives
4|5|12   |   1:59   |   8 comments

The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives
3|28|12   |   2:13   |   3 comments

The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.
Tom Nolle
VMWare & the Bicameral Model of MDM
5|22|13   |   2:14   |   No comments

VMware has a new solution to the MDM problem, two virtual phones inside a real phone, at least for Android phones. Currently limited to two models, the idea could expand and provide a way of letting companies harmonize their need to manage corporate use of phones while preserving BYOD.
Ivan Schneider
Clash of the Tableau 8: Release the Kraken!
5|17|13   |   2:42   |   No comments

Tableau 8 has some great data visualization and presentation capabilities, but it's best paired with a strong data analysis framework.
Tom Nolle
Using Virtualization – for Real!
5|13|13   |   2:10   |   2 comments

There's a lot of hype about virtualization of networks, NaaS, and SDN, but there's a couple of proven applications that enterprises could adopt right now and potentially save money and improve operations.
Tom Nolle
Is UC Becoming Oxymoronic or Just Moronic?
5|9|13   |   2:12   |   No comments

Skype/Outlook UC integration means we're going to have competition and fragmentation of UC client architectures, but is that bad? Modern devices can support IM, email, voice, and video clients, so maybe it's the back end of UC we need to be worried about.
E2 Editors
Windows vs. Integrated Circuit CPUs
4|17|13   |   4:45   |   5 comments

The editors make their predictions about what will win the next match-up in the E2 Tournament of IT Revolutionaries.
E2 Editors
Radio vs. Public Internet Access
4|17|13   |   4:34   |   14 comments

The editors make their predictions about what will win the next match-up in the E2 Tournament of IT Revolutionaries.
E2 Editors
Mainframes vs. Servers
4|17|13   |   4:34   |   16 comments

The editors make their predictions about what will win the next match-up in the E2 Tournament of IT Revolutionaries.
E2 Editors
TCP/IP vs. Printing Press
4|17|13   |   3:07   |   5 comments

The editors make their predictions about what will win the next match-up in the E2 Tournament of IT Revolutionaries.
E2 Editors
BYOD vs. E-Commerce
4|12|13   |   3:12   |   11 comments

The editors make their predictions about what will win the next match-up in the E2 Tournament of IT Revolutionaries.
E2 Editors
Telecommuting vs. Outsourcing
4|12|13   |   4:19   |   7 comments

The editors make their predictions about what will win the next match-up in the E2 Tournament of IT Revolutionaries.
E2 Editors
Personal Computer vs. Mobile Devices
4|12|13   |   4:28   |   20 comments

The editors make their predictions about what will win the next match-up in the E2 Tournament of IT Revolutionaries.
E2 Editors
Smartphones vs. Productivity Software
4|12|13   |   3:09   |   13 comments

The editors make their predictions about what will win the next match-up in the E2 Tournament of IT Revolutionaries.
Tom Nolle
There's More to Mobility Than the Mobile Worker
4|9|13   |   2:03   |   5 comments

Workers are now used to portable device support throughout their everyday lives. We should be looking at the policy of providing fixed-desk devices to support stationary workers. Could portable support be smarter?
Ivan Schneider
From Kim Jong-Un's Trackball to Nuance Voice Ads
4|5|13   |   3:21   |   9 comments

Input devices run the gamut, from the humble Missile Command-style trackball to advanced speech recognition. Unfortunately, these input devices can be used for evil as well as good. Case in point: mobile ads that want you to talk to them.
Tom Nolle
Data/Storage Wish List for Enterprises
4|3|13   |   2:19   |   1 comment

Enterprises want three things in storage systems: First is some speech-recognition way of capturing videoconference data for indexing; second is semantic/AI analysis of emails and IM for content indexing; third is a better system for managing hierarchical layers of storage.