Skip to main content

Why You Should be Grateful For The PSN Attack

No, I am not sarcastic. And I am not referring to (sensible) advice that you might be spending way too much playing video games online while you could enjoy family activities or working out. Even Sony should be grateful, as silly as it sounds, as well as the entire IT industry. And no, I am not kidding.

The simple fact is that the PSN hack was a shot across the bow and not as damaging as it could have been, even f it may cost Sony billions of dollars in repairs, lost revenues and reputation.

Realistically, the damage extends much further: An entire industry that is hoping you will ditch your local software for a cloud service is afraid that you may now think twice about subscribing to their products. The short term damage may be much higher than the damage we are seeing on the surface at this time. Sony's little welcome present is laughable in the grand scheme and is, despite its anticipated cost of well more than $1 billion, almost negligible, if we consider the short term damage to an entire industry of hopeful cloud service providers.

However, here is the upside. I am guessing here, but I suspect that the motivation for the attack was not to damage the interests of Sony's 70 million or so customers. There is no evidence so far that credit card data has been sold and credit card fraud has, in fact, happened. It appears to me that the real intent was to embarrass Sony. On a deeper level, while I do not justify the attack, Sony is to blame as the hack exploited a known, but unpatched flaw on Sony's servers. This fact alone is a message that should be taken seriously across the industry. Cloud computing is not just about features. It is foremost about security. If you jeopardize the security of data that has been entrusted to you, cloud computing can cause harm that by far exceeds any other monetary criminal activity we have known so far.

Attacks such as the Sony PSN hack rely on perfect timing. If any damage to those 70 million users was intended, it would have happened already. If you are affected by the hack, you should have taken reasonable measures such as replacing your credit card already, which potentially makes the loot, at least in this respect, almost worthless. What Sony should have learned is that this hugely successful attack could have been a broadside shot that in fact was intended to cash in. Instead, this attack happened just about at the right time to remind all of us to be aware of our personal data, how we provide it and to whom we provide it. It seems as if the overall software-as-a-service and general cloud computing party has been blurred by enthusiasm, visions and ideas, while the basic requirements such as security were pushed into the background.

Imagine yourself 5 years out from now. If the industry has its way, you may be writing your documents with Google Docs or Office 365. You may be collaborating via one of these services. Your phone calls and voicemails are stored in the cloud. Your email is closely tied to all your communication. Much of your personal life, including credit card information and smartgrid utility usage data will be in the cloud. Today we heard that Google intends to store your entertainment data in the cloud, control your home via the cloud and you may have access to the general features of your car via the cloud. Imagine a successful attack into millions of such accounts, an attack that exposes the entire hard drive of your digital life and is targeted to capitalize on your data. If Sony's attack reminds us how important security is in such services and if it helps promote the development of much more secure cloud infrastructures, then we should be grateful that Sony's PSN was hacked.

Of course, this hack has the downside that many of us may now rethink our willingness to provide very personal data to companies with security policies we have no idea of. Strangely enough, the security of data has always been the primary concern in cloud computing, at least as far as business or government applications are concerned. Perhaps it is time for us to be more diligent about the way how easily we provide critical data across the Internet and question specific security features of a service. As much as cloud computing is invading our lives, there may even be a need for certain minimum level security requirements as well as guarantees that data will be held safe and will be restored in a case of emergency. Perhaps we will also be seeing insurances to jump on this opportunity an extend homeowners and renters insurance with cloud service coverages.

I am far from predicting the future, but I am convinced that the PSN hack has led many companies, not just Sony, to evaluate their networks and how secure they are. Marketing claims aren't enough and even "reasonable" security measures aren't enough. Successful attacks in a mature cloud computing era could cause damage far beyond the inconvenience of replacing a credit card or taking a break from online video gaming and movie watching.