We have been raising security concerns about the cloud since the days when it was simply called network computing. The off-site storage of critical information by third parties and the subsequent aggregation of individual targets into a single entity provides an enticing target for crackers who seek to benefit from their criminal misdeeds.
While someone would not likely mount an attack against a hundred small targets, it is irresistible to them when those hundred can all be hit with a single attack. The cloud enables this.
That's not even going into the productivity loss resulting from down-time on our so-so network infrastructure here in the USA, the issues of data ownership, the issues of privacy when data from one jurisdiction and is stored in another, and the endless list goes on...
Safe? It isn't and never has been.
Regards,
Jon
Image courtesy of Flickr user inottawa.
The news just keeps getting worse and worse for Sony. Now, it’s Sony Music and Sony Erickson that’s being hacked. This after weeks of PlayStation Network downtime and an expansion of bad news into Sony Online (well, offline these days) Entertainment.
See also: More Sony bad news: Sony Online also compromised (this goes beyond the PlayStation Network)
The news isn’t just limited to Sony and it’s not just about hacking attacks. There have been cloud failures at Amazon, Google, Microsoft, and more.
The Top 5 Tips to Survive a Cloud Computing Disaster
This Friday May 27, I’ll be hosting a free, live webcast for CBS Interactive discussing whether the cloud is still safe. I’ll be joined by top ZDNet and TechRepublic experts and we’ll dive deep into the recent problems of cloud computing, and whether it’s still safe to entrust your data to the cloud.
It’s at 1:00 PM ET (that’s 10:00 AM PT and 5:00 PM GMT). I hope you’ll join us, bring questions, and be prepared to help us come to workable, actionable conclusions.
Register at: The Top 5 Tips to Survive a Cloud Computing Disaster
Let’s run down the recent list of cloud failures. Then, we’ll ask and try to answer the question of whether the cloud is still safe.
Amazon Web Services
AWS was down for about a week. The failure also took down some Web services like Quara, FourSquare, and Reddit that were dependent on Amazon, providing the valuable lesson that if you’re going to use a backup cloud provider, make sure it’s not using the same service provider you are.
See also: 7 important survival tips Amazon’s orphaned 0.07 percent can teach us
PlayStation Network (and all the other Sony woes)
Sony has been the target of one or more sustained attacks by outside actors. It seems that once the company solidifies security on one front, another perimeter is breached and the company once again gets attacked.
A lot of old-time IT professionals have little pity for Sony ever since the rootkit fiasco (see this story from 2005’s ZDNet). Even so, the company’s just had to weather quite literal storms in terms of the terrible tsunamis and earthquakes in Japan, and so these virtual cloud problems are just making things worse.
Many Sony customers are considering jumping from PlayStation to other platforms, and with E3 coming up in just a few short weeks, it’ll be interesting to see how Sony presents these problems to the public — and whether they’ve managed to batten down the hatches to any extent.
See also: More Sony bad news: Sony Online also compromised (this goes beyond the PlayStation Network)
Epsilon
Epsilon Data Management found that it hadn’t managed it’s data all that well. Consumers will wind up paying the price. Epsilon provides mailing services for major consumer companies. A breach of its systems resulted in a loss of more than 60 million email addresses from more than 50 companies you used to, but should no longer, fully trust.
We expect millions of consumers to get very targeted phishing emails, which means, pretty much, that you should never trust any email you get, ever, ever again.
See also: Epsilon data breach: What’s the value of an email address?
LastPass
When password management company LastPass thought it might have had a breach, it quite properly shut everything down and began an internal investigation. The problem was that the company didn’t use best practices, and was completely unprepared for all its customers trying to change their passwords — all at the same time.
Millions were shut out of not only LastPass, but also all their other password-based online services, including their email accounts.
See also: We interview LastPass CEO: the human price and the real truth
Blogger
When free blogging service Blogger.com (part of Google) performed some regular maintenance recently, something went wrong. The result was about 30 hours of blog posts were lost.
See also: Google’s Blogger outage makes the case against a cloud-only strategy
Android
You might love your Android handset, but it might not love you back. A rather extensive security hole was found in the service, opening the door to all sorts of disturbing penetration possibilities. Google’s hard at work fixing the bug, but it’s still scary.
