Open Source Subnet An independent Open Source community View more

PlayStation Network and Cloud Security

Does the PlayStation Network Prove Clouds are Insecure?

Pundits around the industry are using the repeated – and successful -- attacks on Sony’s Playstation Network as proof clouds aren't secure.  But what's "cloudy" about PSN?  It is the antithesis of the cloud: a closed architecture, which happens to use the internet to connect locked-down clients (PS3s) to a closed, proprietary server (PSN). While we may never learn the full details about this wave of attacks, if they prove anything, they prove that determined attackers can breach many online services, cloudy or not.  PSN was very visible, and spawned interest from attackers.  Given the publicity and impact these attacks had -- goodness, they shut down the system for weeks! -- I wouldn't be surprised to see this cycle continue for a long time.  Perhaps a wholesale rearchitecture will be needed.  Sony may lose significant revenue, and perhaps market share, as a result.  But because it is a proprietary system, where Sony controls (and can arbitrarily update) the clients and the servers at will, Sony has the opportunity to revamp the system whenever its engineers can come up with the goods. What Sony's service isn't, is a cloud.  It isn't a service open to the public.  It is single tenant; no arbitrary apps hosted here.  It works not with standard interfaces, but with proprietary applications embedded into the clients Sony provides. One has to wonder if having an open architecture would have made security better.  Security through obscurity never seems to work. That's not to say public, multi-tenant clouds are inherently secure.  They aren't, any more than any IT service is.  People who run large public clouds have told me privately about the range of security problems they encounter.  From the embarrassing (running porn sites on their systems ... but wait, I thought porn was the big internet money maker!), to hosting dangerous bots run out of North Korea, Libya, and Iran. The bottom line is that any service available to the public is open to attack.  And probably will be attacked.  Just as with traditional data centers, no claims of invincibility have any credibility ... and those who make outrageous claims will invite the attention of the most skilled attackers.  What's important is that this is not a cloud phenomenon.  Its just part of life in IT.

Insider Shootout: Best security tools for small business
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies