CTO Blog

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

Sony and Amazon; are you a victim or in control?

The past week has not been a great one for the ‘technology society’ where everyone is connected and able to develop and use various technologies. First Amazon Web Services goes down for a USA region and then Sony PlayStation customers get their full identities stolen. Not good, as the saying goes, and it has probably resulted in a large number of CIOs saying something like, ‘I told you that you shouldn’t be using AWS’, whilst anxiously re-examining their security systems. So is this a reason to return to internal IT with strong firewalls and give up on online business, social CRM, etc.?

Well, it is certainly a reason to re-establish some sensible controls and practices over activities that might have got just a bit too casual as business users and their managers experimented with new ‘simple’ solutions that ‘didn’t need the IT department’. But it’s also time to question what really happened and what it should be telling us about the new world and its use of technology. Let’s start with the Sony security incident, which made the headlines because of the household name and scale but in fact is merely the latest ‘break-in’ of this type. Centralised systems holding details such as these are not new; every enterprise holds client records. What is new is the accessibility of such systems, and the use made of such systems by an enterprise’s customers.

Sony needs to secure the premises and the business process (think of it as one of their high street shops), but customers equally need to secure their cash and credit cards when in the shop as their side of good practice. In a deluge of comments on the hacking, the one that stood out stressed that we all need to understand our side of the new business model. The advice given was to use a different password for each online business, such as Sony, to which you provide details. Okay, difficult to manage perhaps, but simple, sane advice, so how to do it? Try the solution developed by Bikerdr (you will need to scan down the page) for an interestingly new approach; maybe someone will do some quick development work and produce this as an enterprise-level solution.

There is a similar argument about shifting/sharing the responsibility to be made in the case of the Amazon Web Services issues. ZDNet covered the news at the time but has since published a follow-on ‘post mortem’. This post by Phil Wainewright, who has been following all aspects of SaaS into cloud for several years and is well informed, has some interesting further links, including one to a further ZDNet piece he wrote that offers a very practical ‘seven lessons’ from the Amazon outage. In the list Phil points out that if you didn’t plan for Amazon’s failure then you share the blame. The same point applies as to Sony etc. above.

So clearly we should be designing our apps to fail? That’s easy to say but not so easy to square with the basic idea that we can have cheap and flexible apps for short periods. A much more radical approach as to exactly what technology we are using and exactly what that means in terms of expectations and options is, I believe, called for. At the root of this is the difference between TCP-based cloud services and UDP-based cloud services, a little-understood topic, which in this case can be summarised as AWS uses UDP as a basis for its clouds and most IT departments have an expectation that the service level they will receive is that of a TCP cloud. Some people think that this is a controversial argument, but at its root is a very simple set of differences, starting with TCP being connection-oriented and UDP being connectionless. This yin-yang occurs at every level of the two approaches, and hopefully I have now interested you enough to go to the lively and interesting blog of Massimo on IT 2.0 and next-generation IT infrastructures, in which he discusses this topic.

The big point of this post is, ‘are you a victim of circumstances, or have you figured out the need to understand the circumstances, and take back some elements of control?’

About the author

Andy Mulholland
Capgemini Global Chief Technology Officer until his retirement in 2012, Andy was a member of the Capgemini Group management board and advised on all aspects of technology-driven market changes, together with being a member of the Policy Board for the British Computer Society. Andy is the author of many white papers, and the co-author of three books that have charted the current changes in technology and its use by business, starting in 2006 with ‘Mashup Corporations’, detailing how enterprises could make use of Web 2.0 to develop new go-to-market propositions. This was followed in May 2008 by ‘Mesh Collaboration’, focussing on the impact of Web 2.0 on the enterprise front office and its working techniques, then in 2010 by ‘Enterprise Cloud Computing: A Strategy Guide for Business and Technology Leaders’, co-authored with well-known academic Peter Fingar and one of the leading authorities on business process, Jon Pyke. The book describes the wider business implications of Cloud Computing with the promise of on-demand business innovation. It looks at how businesses trade differently on the web using mash-ups but also the challenges in managing more frequent change through social tools, and what happens when cloud comes into play in fully fledged operations. Andy was voted one of the top 25 most influential CTOs in the world in 2009 by InfoWorld and is grateful to readers of Computing Weekly who voted the Capgemini CTOblog the best Blog for Business Managers and CIOs each year for the last three years.
