When the Silver Lining Isn't
Cloud services have become one of the latest fads in Information Technology. They are offered to professionals and end users alike, promising always-accessible data and applications, irrespective of location. This new term for network storage and hosted third-party applications has people willing to overlook the drawbacks that those services traditionally had, choosing instead to believe the marketing hype that they are always available and not constrained by local network or hardware failures.
Ultimately, however, all of these services and systems rely on someone's hardware and someone's network, and need someone to perform the network and systems administration duties that are forgotten in the marketing for Cloud services.
Recently, the reality of these constraints came crashing down for many companies and end users when Amazon's EC2 cloud hosting service had a series of major outages at Amazon's North Virginia datacenter. The result was a complete loss of services for companies and end users that hadn't utilised geographic distribution to replicate services (at cost, of course) across Amazon's different EC2 datacenters. Popular sites such as Foursquare and Reddit, which were relying on the one datacenter, were knocked offline by the outage.
To make matters worse for end users of the service, the outage also led to loss of data from the affected sites. Observers point out that one of Amazon's other networked service offerings, S3, is designed for data storage, not the system virtualisation offered via EC2.
The big lesson to take away from the EC2 failure is that the presence and use of Cloud services does not remove the requirement for distributed system design and maintenance, complete with redundant nodes, if users don't want to be greatly affected by similar future failures.
At around the same time as the Amazon EC2 outage, Sony's PlayStation Network (PSN) was attacked and manually shut down. It remained shut down over the Easter period and is only now beginning to be reinstated in a limited capacity. Though not the same as traditionally marketed Cloud services, the PSN represents a common network, complete with consolidated online account storage and material for PS3 and PSP users globally. Without access to the PSN, almost all online services are unavailable to users, though tied-in services like Netflix are accessible if the prompts are ignored often enough.
After publishing little information in the immediate aftermath of the shutdown, Sony has become more open about the outage and its effect on end users. As the information about the attack is gradually released, it appears that an attack targeting Sony's San Diego datacenter was able to penetrate the PSN and that user account details were accessible to the attackers. The big concern is the presence of credit card details associated with user accounts. Sony states that the credit card details were encrypted and that no evidence has yet been publicly released which proves they were accessed as part of the break-in.
This isn't stopping the lawsuits, though, and it will be interesting to see what emerges through the process of the court case.
2 May 2011