Cloud computing's growing pains
Break-ins and breakdowns
The lessons from Sony's big security lapse and Amazon's cloud-computing outage
IT COULD turn out to be the biggest breach of data privacy since the advent of the internet. Sony admitted this week that hackers had stolen personal information, possibly including credit-card details, of many of the 77m-plus users of its online-gaming and entertainment networks. The Japanese company did not admit the full extent of the potential risks to its customers until nearly a week after it had taken its PlayStation Network off air, though it insisted that it had done so as soon as it realised how serious the intrusion into its systems had been.
Amazon, an American online retailer and provider of "cloud computing" services, has also suffered a lengthy breakdown at one of the giant server farms whose storage and processing facilities it rents to other companies. The two lapses, though unconnected and different in nature, have raised the question of whether customers can really trust the basic idea behind the cloud-that you can buy computing services from the internet, just like gas or water from a utility.
Sony's security breach is particularly embarrassing because it wants to position its PlayStation console as an entertainment hub capable of delivering films and music over the internet, in addition to video games. An entertainment one-stop-shop of this nature will appeal to consumers only if it is secure and reliable; a DVD, after all, does not suddenly refuse to play for a week. Sony also failed to encrypt some of the personal details of its customers-an elementary error for a company that prides itself on its technological prowess. In Amazon's case, the problems were caused by a glitch that took longer than expected to resolve, affecting the operations of several internet firms (including Reddit, Quora, HootSuite and Foursquare) that use its services, and denting the reputations of all concerned-as well as that of the cloud itself.
安全漏洞让索尼陷入相当尴尬的境地——因为索尼希望将PlayStation游戏机定位为能够通过互联网提供电影和音乐的娱乐中心，而不仅仅是电子游戏。只有足够安全且值得信赖，这种性质的一站式娱乐才能吸引用户。毕竟，仅仅是DVD的话，不会突然被关闭一周。在加密其用户个人资料方面索尼也是失败的——对于一个标榜其技术实力的公司而言，这是一个基本的失误。在亚马逊的案例中，问题是由一个小故障造成的，解决这一问题耗时比预期要长，影响了一些互联网公司（包括使用其服务的Reddit, Quora, HootSuite 和 Foursquare）的运营，对所有相关方的名誉都产生了不利影响——“云”本身也概莫能外。
But building a totally secure and reliable cloud-based system, or indeed any other kind of computer system, is impossible. More break-ins and breakdowns are inevitable. What matters is that service-providers, consumers and corporate clients all learn the right lessons from the events of the past week.
For providers of online services, the main lesson, beyond the obvious need to adhere to basic principles of computer security, is the importance of being open with customers when things go wrong. This seems to be something that is particularly difficult for Japanese firms, with their consensus-based decision-making and a reluctance to tell superiors when problems arise. Sony remained tight-lipped when it should have been forthcoming. Amazon has also been criticised for providing only a small amount of rather vague information about the outage. One user gave the company an "F" for communication this week; another complained that its updates seemed to have been written by its lawyers rather than its engineers.
Consumers, meanwhile, should ensure that they do not use the same passwords on multiple online systems, which exposes them to the danger that a compromise in one system will enable the same credentials to be used to access another. Being able to manage passwords and spot "phishing" e-mails that try to trick recipients into revealing bank details and other information are now important life skills, like it or not.
The lesson for companies let down by Amazon's outage is that they need to be aware of the risks of being too reliant on a single supplier, with cloud computing as with anything else. Firms that use cloud-based systems should be looking at ways to distribute work across multiple providers. Although the cloud has many benefits and is generally quite reliable, it is clearly bound to produce the odd thunderstorm.