Sony's Struggles Highlight Cloud Weakness

PASADENA, Calif. (TheStreet) -- Sony's (SONY) recent headline-grabbing security snafus, which have now been linked to a key Amazon (AMZN) service, should serve as a security wake up call to cloud providers and companies that use their services.

"This is a sobering call for organizations to wise up," Laura DiDio, principal analyst at ITIC told TheStreet. "There's no such thing as a 100% hack-proof network or device -- it's a fact of computing life in the twenty-first century."

Sony's struggles prove that there's no such thing a 100% secure network, says Laura DiDio of ITIC.

Citing a person with knowledge of the matter, Bloomberg reported Monday that a hacker used Amazon's EC2 cloud computing service to launch the attack that crippled Sony's PlayStation network last month. The attacker, who did not hack into Amazon's servers, used a bogus name to establish an account that is now disabled, according to Bloomberg.

Amazon and Sony have not yet responded to TheStreet's request for comment on this story.

Earlier this month, Sony confirmed that it was the victim of a massive denial-of-service attack, likely timed to coincide with the hack of its PlayStation Network. Sony subsequently warned its 77 million users that their private account details, such as passwords addresses and credit cards, may have been compromised after the Network was infiltrated by the unknown hacker.

ITIC's DiDio said that these type of events underline the need for more sophisticated security technology. "Just as the hackers become more sophisticated and better equipped, so companies need better tools," said DiDio. "One of the best weapons available today is continuous monitoring [of networks and data] -- you have got companies like RedSeal and ArcSight, now part of HP (HPQ), [that do this]."

RedSeal's software, for example, analyzes how devices such as firewalls, routers, and load balancers interact to identify security holes.

Sony's woes come at a time when Silicon Valley is ramping up its push into cloud services. IBM (IBM), which like Microsoft (MSFT), is one of cloud's biggest proponents, expects the technology to be the "normal" method for delivering IT services by 2015.

Cloud security should be uppermost in the minds of businesses that send their data off into cloud services, according to DiDio. "It's not just about latency and service performance," she said, adding that companies should hold providers' feet to the flames to ensure extremely tight security Service Level Agreements (SLAs). "You have to ask hard questions about security."

Despite the security challenges, cloud services are becoming increasingly popular. Some 61% of respondents to ITIC's 2011 cloud survey said that they are using, considering, or will consider third-party cloud services, up from 46% in 2010.

--Written by James Rogers in New York.

>To follow the writer on Twitter, go to http://twitter.com/jamesjrogers.

>To submit a news tip, send an email to: tips@thestreet.com