Home | Cloud | Cloud: Security Experts Required!
Cloud: Security Experts Required!

Cloud: Security Experts Required!

0 Flares Twitter 0 Facebook 0 Google+ 0 StumbleUpon 0 Buffer 0 LinkedIn 0 0 Flares ×

So it appears from today’s announcement that the Sony Playstation Network was hacked after all. Some 70 million users are unable to game online and other services, such as LoveFilm are down.  Whilst it has had a positive effect on our household (Call of Duty remains unplayed as Son#1 deems it uninteresting unless playing against his friends) unfortunately it continues to be an embarrassment and PR disaster for Sony.

As we continue to expose more computing to the Internet (especially with the move to more cloud-based applications), then surely we can expect more incidents of this nature.  Do we really take security seriously enough or is it simply that we don’t understand the nature of how deep we need to ensure security is implemented?  I was in discussion with a company last week that indicated many organisations feel it is necessary only to protect the perimeter against attacks.  This seems remarkably weak as an approach; as soon as the perimeter is breached, then everything is open  and available.  Perhaps we need to elevate the importance of security within IT, because unless we get things right, data exposures and service outages will continue to be a problem.

One other thought comes to mind while thinking about Sony’s dilemma.   The reports (including this from BBC) indicate that Sony are looking to strengthen their network security.  This has necessitated them taking down the whole infrastructure to achieve this.  However one of the original design principles of the Internet that any one section could be damaged and traffic would automatically reroute.  Why are we not designing Internet based applications in this way?  After all, with 70 million users, Sony must be spreading the workload across many physical servers and network infrastructure.  Perhaps we need to be designing with the Internet methodology in mind – breach one component and you don’t get global access; that component can then be taken down until the breach is resolved.

The recent Amazon AWS outage has shown us that traditional application architectures won’t work well in the cloud.  I expect we’ll see a much greater focus on security and application design as organisations struggle to manage embracing Internet-based computing whilst keeping the hackers at bay.

 

About Chris M Evans

Chris M Evans has worked in the technology industry since 1987, starting as a systems programmer on the IBM mainframe platform, while retaining an interest in storage. After working abroad, he co-founded an Internet-based music distribution company during the .com era, returning to consultancy in the new millennium. In 2009 Chris co-founded Langton Blue Ltd (www.langtonblue.com), a boutique consultancy firm focused on delivering business benefit through efficient technology deployments. Chris writes a popular blog at http://blog.architecting.it, attends many conferences and invitation-only events and can be found providing regular industry contributions through Twitter (@chrismevans) and other social media outlets.
  • http://blog.technologyofcontent.com/ Justin Cormack

    The problem is that the majority of people still think they are too unimportant to be hacked (although Sony should know better!), and are not prepared to pay extra for what they see as a low probability event.

    Perimeter thinking is as you point out a lot of the problem, I blame the firewall vendors.

    Judging from the AWS outage a lot of people are not using the cloud for cloudy architectures, so I suspect security isolation is not there either. I think this is only going to get worse…

  • http://blog.selfstorage.com Self Storage

    Although Sony provided this service for free, it shows that it’s important to keep security for the customers in mind. I’d like to note that these types of security breaches occurred before this data was stored on cloud infrastructures. I believe cloud security can be as effective as that of “traditional” storage.

  • http://www.thesecure-store.com Storage Letchworth

    Whilst it was obviously a disaster for Sony, there is a lot of good that may well come out of this. The very fact that a massive corporation like Sony can be hacked in such a manner will make a lot of people in the industry really sit up and take notice. I am sure many security systems are undergoing checks and testing as we sit here and a huge amount of improvement will occur, which can only be a good thing. With the pace of technical advance, many systems and their architecture are becoming obsolete and too easy to hack. We all need to sit up and be constantly aware.

0 Flares Twitter 0 Facebook 0 Google+ 0 StumbleUpon 0 Buffer 0 LinkedIn 0 0 Flares ×