Archive for May, 2011

Recent major security issues like the RSA SecurID hack, or the Epsilon and Sony breaches, make one wonder whether lightning has not been striking a bit too often. Ironically, hackers are developing a preference for using Amazon’s Elastic Compute Cloud (EC2), which can be used almost anonymously, for carrying out their activities. Amazon itself has recently suffered significant outages in its Elastic Block Store (EBS) service, which it recently explained in a very detailed and technical statement, although we can only guess what the real or complete details behind these problems might be.

Surprisingly, the Ponemon Institute’s recent Security of Cloud Computing Providers study reveals that cloud providers do not put security as the No. 1 concern in providing their services:

Imagine if your local bank where you keep your money did not treat locking its doors and vaults as its first priority.

It is reminiscent of parking lot tickets, where the fine print on the back disclaims any responsibility towards the customer beyond renting them a parking space.

Sony’s Virtual Battle

posted by Martin
May 3

In contrast to the Epsilon “business as usual” approach, Sony has been reeling from the security breach which has had the PlayStation Network shut down for several weeks.

Sony has now freely admitted that personal information of up to 77 million PlayStation users was compromised. Their website provides advice to users for obtaining free credit reports, in case any users believe they are victims of identity theft:

While this disclosure is to be applauded, Sony’s refusal to testify at a US House Energy and Commerce subcommittee hearing scheduled this week seems a tacit admission that they have not yet identified how the cyber attack on their data center in San Diego, CA could have happened:

The initial breach has been compounded by the discovery of additional impact on the Sony Online Entertainment games network, resulting in further losses of customer data involving another 25 million accounts and SOE taking down that network for repairs. Estimates of the cost to Sony, primarily from lost revenue, have ranged up to $50 million; however, the real damage could be in terms of their market share, which has been eroding.

While Sony is taking this very seriously, experts are divided as to the actual risk. Congress is pushing for legislation forcing companies to immediately disclose any data breaches to consumers to reduce the risk of identity theft and fraud. The real solutions, as suggested by some experts, might include a reevaluation of network security procedures, which often still rely on username and password combinations:
