Tuesday, April 26, 2011

Dark Clouds

It's been a rough few days in the world of on-line infrastructure. Last week saw major outages in Amazon Web Services as well as the beginning of the ongoing Sony PlayStation Network debacle. As someone who spends a fair amount of time on Reddit, Giant Bomb, and PSN, I've felt the impact of all the downtime acutely. What with not being able to aimlessly surf rage comics, vicariously play Persona 4, or get any downloadable games on the PS3, I've had some time to reflect on this brave new world. In hopes of both organizing my thoughts and distracting myself from the prospect of having my credit card stolen, I'll share some potential lessons I've learned from the whole experience.

As more and more of our lives move into the cloud, it's likely that outages and problems will become more crippling despite likely being less frequent. In other words, I have no doubt that the ubiquity and reliability of on-line storage will continue to grow, but with so many more people, devices, and services relying on the Internet, any problems that do crop up will be extremely inconvenient, if not devastating.

For lay-people, it's interesting to see the inner workings of the Internet. While I did know that Amazon had quietly become one of the major players in the storage and hosting business, I didn't know that some of my favorite websites relied so heavily on the company's services. Even companies in direct competition with parts of Amazon (like Netflix) use Amazon's storage services. In the same way it's good to know where your money goes and where your stuff comes from, I think it's important to know where your data comes from and where it goes.

Ultimately, the outage was a relatively benign lesson in the necessity of proper redundancy as well as the need to be flexible when things go south. Both Amazon and the affected companies were fairly forthright and responsive in addressing the problems.

The same can't be said for Sony.

I write this having just finished calling my credit card companies to order new cards, check recent purchase history, and place fraud alerts. Unfortunately, this is a familiar dance, and I know all the steps. Crime is inevitable and I realize the idea of a completely safe system is a fantasy. Still, Sony's performance over the past few days has been both disappointing and worrying. Sony has already failed in providing security; they're now failing to provide transparency.

Six days after it pulled the plug on its entire network, Sony has finally seen fit to admit what many folks suspected: users' personal information has been compromised. As Ben Kuchera put it: "Sony's security has failed in a spectacular fashion, and we're just now finding out about it. In both practical and PR terms, this is a worst-case scenario."

There's very little we can do at this point about the security breach except play defense against potential fraud and start asking questions that might help us in the future. For example: Why did it take Sony so long to come forward with the information? Why hasn't Sony sent a mass email to all of its customers detailing the situation? I know they have my email address. If I weren't on Twitter or reading video game websites, I'd have no idea that my data was stolen.

How does Sony store sensitive information and why was so much of it vulnerable to attack? Are services like Xbox Live and Steam architecturally similar to PSN? In the past, I've complained about how tedious it is to input my billing information every time I want to buy something on WiiWare, but perhaps that extra step was a blessing in disguise?

As far as on-line data is concerned, we've reached the point of no return: our lives will only become more entwined with the Internet in the coming years. If this past week is any indication, we need to be prepared for "the cloud" to take on a more literal meaning; our data might float tranquilly across the Internet most of the time, but when it rains, it pours.
