It’s not often that I read the showbiz bible Variety or the Hollywood Reporter when doing background research for a piece on cloud computing. Yet here we are — again — pondering the pervasive perniciousness of breaking into entertainment-industry data assets.
This time around it’s HBO. A late July break-in by allegedly coordinated forces targeted, according to the Hollywood Reporter, “specific content and data housed in different locations.” Should the attack actually amount to a possible 1.5 terabytes, that would be roughly equivalent to the infamous Sony Studios hack of 2014 — multiplied by a factor of nearly seven. According to multiple reports, episodes of Game of Thrones and other significant broadcast content assets were downloaded.
It’s not easy to steal 1.5 terabytes of data. Downloading that much, even to multiple destinations, takes time. Should alarm bells have gone off? Did they? For now, I’ll stay away from speculating about the woes of others.
Yahoo had a billion user accounts hacked in 2013. The Sony hack of 2014 stole not just broadcast and theatrical content, but e-mail messages that embarrassed many and led to the ouster of co-chairman Amy Pascal and others in her wake.
CNN reported in June 2017 that government websites in four states (New York, Maryland, Ohio, and, most recently, Washington) were hacked to the extent of having anti-American messages displayed.
Let’s face the reality: Security is little more than wishful thinking. If you believe an application, system, data store, or infrastructure to be secure, you are asking for a world of trouble.
Banks. Software companies, including Adobe. Government agencies. Media titans. Retail giants, including Target and TJX. Even security company RSA itself was breached in 2011. Windows XP, launched in October 2001 and retired in April 2014, is still the object of security patches from Microsoft. Hospitals have had their data held for ransom. So has a guest check-in system at a hotel in Europe.
The problem with security is that no matter how many onion-like layers we pile on, no matter how pervasive and sophisticated two-factor or even biometric authentication becomes, it can never be enough. All it takes is one click on an innocent-looking e-mail message by a well-meaning employee to circumvent years of efforts and millions of dollars invested. Perhaps we’re seeing the rise of a new mini-industry: HaaS, hacking as a service.
As application developers, there’s only so much we can do. Test APIs to ensure they are up to the latest standards and versions. Log activity into journal files. Working closely with business executives and various IT groups — QA, testing, operations — is essential. So is asking obnoxiously intrusive questions about planning for app security before a line of code is written. Breaches, after all, are themselves obnoxiously intrusive.
If there were an answer to these major security problems, it’s reasonable to think the combination of big brains and deep pockets would have figured it out by now. Alas, no one has. It’s possible no one ever will.
No one is closer to the bits and bytes, the very lifeblood that flows through the arteries of cloud-based IT systems, than application developers. What is your organization doing to step up security? What plans are in place to deal with a breach after it occurs? What’s your role? There’s lots to talk about. Share your thoughts; we’d like to hear from you.