The Economist 33: Cloud computing's growing pains

   Cloud computing's growing pains

  The troubles of cloud computing's early days
  Break-ins and breakdowns
  Intrusions and failures
  The lessons from Sony's big security lapse and Amazon's cloud-computing outage
  Lessons drawn from Sony's huge security breach and Amazon's cloud-computing outage
  IT COULD turn out to be the biggest breach of data privacy since the advent of the internet. Sony admitted this week that hackers had stolen personal information, possibly including credit-card details, of many of the 77m-plus users of its online-gaming and entertainment networks. The Japanese company did not admit the full extent of the potential risks to its customers until nearly a week after it had taken its PlayStation Network off air, though it insisted that it had done so as soon as it realised how serious the intrusion into its systems had been.
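  This may be the largest data-privacy breach since the internet appeared. This week Sony admitted that hackers had stolen the personal information, very possibly including credit-card details, of the more than 77m users of its online-gaming and entertainment networks. Only after it had shut down the PlayStation Network for nearly a week did Sony admit the potential risks to its customers. Even so, Sony insisted that it had responded once it realised how serious the intrusion into its systems was.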
  Amazon, an American online retailer and provider of "cloud computing" services, has also suffered a lengthy breakdown at one of the giant server farms whose storage and processing facilities it rents to other companies. The two lapses, though unconnected and different in nature, have raised the question of whether customers can really trust the basic idea behind the cloud: that you can buy computing services from the internet, just like gas or water from a utility.
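  One of the giant server farms of Amazon, an American online retailer and provider of "cloud computing" services, has also gone through a lengthy breakdown. The storage and processing facilities of this server farm are rented out to other companies. Although the two incidents are unconnected and different in nature, people cannot help asking whether we can really trust the basic idea behind the "cloud": that we buy computing services from the internet just as we buy gas or water from a utility.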
  Sony's security breach is particularly embarrassing because it wants to position its PlayStation console as an entertainment hub capable of delivering films and music over the internet, in addition to video games. An entertainment one-stop-shop of this nature will appeal to consumers only if it is secure and reliable; a DVD, after all, does not suddenly refuse to play for a week. Sony also failed to encrypt some of the personal details of its customers, an elementary error for a company that prides itself on its technological prowess. In Amazon's case, the problems were caused by a glitch that took longer than expected to resolve, affecting the operations of several internet firms (including Reddit, Quora, HootSuite and Foursquare) that use its services, and denting the reputations of all concerned, as well as that of the cloud itself.
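  The security breach has left Sony in a thoroughly embarrassing position, because Sony wants to position the PlayStation console as an entertainment hub able to deliver films and music over the internet, not just video games. One-stop entertainment of this kind can attract users only if it is sufficiently secure and trustworthy. After all, a mere DVD would not suddenly be shut down for a week. Sony also failed to encrypt its users' personal details, a basic mistake for a company that boasts of its technological strength. In Amazon's case, the problem was caused by a small glitch that took longer than expected to resolve, affecting the operations of several internet firms that use its services (including Reddit, Quora, HootSuite and Foursquare) and harming the reputations of all the parties involved, the "cloud" itself being no exception.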
  But building a totally secure and reliable cloud-based system, or indeed any other kind of computer system, is impossible. More break-ins and breakdowns are inevitable. What matters is that service-providers, consumers and corporate clients all learn the right lessons from the events of the past week.
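  However, building a completely secure and trustworthy "cloud"-based system, or indeed any other kind of computer system, is impossible. More intrusions and breakdowns are unavoidable. What matters is that service providers, users and corporate customers draw the right lessons from last week's events.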
  Cloud-cuckoo-land
  Land of illusion
  For providers of online services, the main lesson, beyond the obvious need to adhere to basic principles of computer security, is the importance of being open with customers when things go wrong. This seems to be something that is particularly difficult for Japanese firms, with their consensus-based decision-making and a reluctance to tell superiors when problems arise. Sony remained tight-lipped when it should have been forthcoming. Amazon has also been criticised for providing only a small amount of rather vague information about the outage. One user gave the company an "F" for communication this week; another complained that its updates seemed to have been written by its lawyers rather than its engineers.
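  For providers of online services, the biggest lesson, apart from the obvious need to adhere to the basic principles of computer security, is to disclose information to users promptly when something goes wrong. For Japanese companies this seems to be rather difficult. Japanese companies make decisions on the basis of consensus and are reluctant to report to superiors when problems arise. Sony should have disclosed some information, but it kept its mouth shut. Amazon has also been criticised for providing only a small amount of vague information after the outage. This week one user gave Amazon an "F" for communication; another complained that Amazon's updates seemed to have been written by its lawyers rather than its engineers.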
  Consumers, meanwhile, should ensure that they do not use the same passwords on multiple online systems, which exposes them to the danger that a compromise in one system will enable the same credentials to be used to access another. Being able to manage passwords and spot "phishing" e-mails that try to trick recipients into revealing bank details and other information are now important life skills, like it or not.
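  Meanwhile, users should make sure they do not use the same password on multiple online systems, which is dangerous: a compromise of one system allows the same credentials to be used to get into another. Like it or not, being able to manage passwords and to recognise attempts to trick recipients into revealing bank or other information are now important life skills.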
  The lesson for companies let down by Amazon's outage is that they need to be aware of the risks of being too reliant on a single supplier, with cloud computing as with anything else. Firms that use cloud-based systems should be looking at ways to distribute work across multiple providers. Although the cloud has many benefits and is generally quite reliable, it is clearly bound to produce the odd thunderstorm.
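  Companies frustrated by the Amazon outage should recognise the risk of relying too heavily on a single supplier, whether it provides cloud computing or any other service. Companies that use "cloud"-based systems should look into putting their eggs in different baskets. Although the "cloud" has many advantages and is on the whole quite trustworthy, it will occasionally produce a "thunderstorm", and that too is beyond dispute.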
  Original article: http://www.tingroom.com/lesson/jjxrfyb/zh/236745.html