If that's true, then Amazon has just given some of its bigshot clients a reason to be very worried. While there are fears of losing customers to the competition amidst concerns for security, increasing security might also escalate costs. Amazon appears to be facing quite the dilemma in its cloud-computing segment.
Deep in the Amazon
Last month, Sony (NYSE: SNE ) shut down its PlayStation network upon the discovery of a network breach that endangered credit card data. At the time, some media reports claimed that the breach was the handiwork of hackers, carried out using the Amazon EC2 cloud. The hackers signed on to the Amazon Web services portal legitimately, using a fake name, and launched the attack on the Sony network.
It must have been rather easy for the hackers to have used Amazon's services using fields such as name, email ID, password, phone number, billing address, and credit card information. On registration, new users get an automated call from Amazon to put in a four-digit verification code. After that, the process is essentially complete. This setup, although convenient, probably does not dissuade people with malicious intent from using the EC2 cloud to launch attacks. Worse, there's no current means for detecting the illegal use of servers. Thus, in its efforts to better serve customers, Amazon has become a very serious liability to a lot of companies out there.
Told you so
Almost a year ago, a distributed denial of service (DDoS) attack was demonstrated using the EC2 cloud. At a hacker "conference" called DEFCON, two consultants in a lab setting used email addresses and credit cards and directed attacks at a website, which, as a result of the demonstration, had to be taken off the Internet for a while. For the hackers, the attack cost just $6 and showed how easy it is to break into the cloud.
With the issue of cloud security being brought under question, Amazon has a lot to worry about. The Amazon EC2 does not quite have a clean track record. Recently, the Amazon cloud went down, taking several start-ups such as Reddit down with it.
Meanwhile, Sony has started restoring the PlayStation network after almost a month of downtime. During its downtime, Sony surely faced a bunch of angry customers and offered a potential opening for Microsoft's (Nasdaq: MSFT ) rival Xbox. Amazon can't win a lot of new business serving clients who are being alienated like this.
Harmony on a theme
Several companies have already voiced complaints regarding the security of cloud computing. Among the most important concerns for cloud-service providers are questions of whether data can be breached within a cloud, authentication and access control, and the cloud provider's access to an enterprise's network. Even though the Amazon cloud wasn't actually hacked, these concerns are still valid for the EC2 as well.
It's realistic to expect that Amazon will start beefing up its security and authentication processes to remain a credible cloud-service provider with its clients. Doing so will naturally create additional costs and divert resources in the short term.
Meanwhile, there might be a possibility of a legal tangle if the FBI decides to investigate the Sony attack and perhaps assign some partial liability to Amazon's security standards.
Going forward, investors should take note that Amazon has several bigshot clients using its Web services, including Eli Lily (NYSE: LLY ) and Netflix (Nasdaq: NFLX ) , and that they might have serious concerns because of this. They don't want to be on the receiving end of one of these malicious attacks.
The concern for Foolish investors is that cloud security issues might eat into Amazon's market share. If the company attempts to reconfigure its efforts and lay more emphasis on security, then costs will have to go up. If that happens, small and medium businesses that use the EC2 cloud might not be able to use the cloud as easily as they used to. Reduced ease of use because of more security might also put off potential clients.
Only time can tell how the Amazon cloud evolves. One thing is for sure: Cloud computing as a whole will have to up the ante with regard to its security. That could mean increased costs and therefore reduced revenues. Investors should take note.