Into the Breach
Sony's PSN security breach looks disastrous - but it's so much worse than that
In spite of the entirely justified anger which consumers are feeling towards Sony this week - and as a consumer whose debit card has just been compromised by the security breach, while I'm living halfway around the planet from the bank which issued it, no less, I think I can speak with some authority on that anger - it's hard not to feel a little sorry for the workers at the coalface of this disaster. "Disaster" is truly the only word for it, and one flinches to imagine just how awkward life is right now for the network engineers and security specialists whose job it was to prevent such a breach.
After all, as some of the company's more ardent defenders have pointed out, it's not like Sony are the malicious party here - a determined group of hackers (but not the "Anonymous" group, as was originally assumed) illegally breached the company's security. PlayStation fans rushed to Sony's defence on those grounds; games business types, while not exactly leaping into the breach, have been vaguely muttering about the "real villains" - the implication being that consumer ire is misdirected.
Not so; consumers are quite right to be furious at Sony for this breach. Certainly, the breach was committed by hackers, but the trust relationship which has been broken here is the one which exists between consumers and the company to whom they have granted permission to hold their personal details. Consumers don't have a relationship, trusting or otherwise, with hackers. They have a relationship with Sony, and that relationship is predicated on Sony's assurance that it is a competent and responsible holder of personal data.
Forced to admit to the scale of the disaster, Sony looks incompetent and bungling.
There's absolutely no question but that this is a hugely damaging blow to Sony, and to the PlayStation in particular. The PS3 has already faced fairly significant market challenges, not least of which is the clear inferiority of the PSN services in comparison to Microsoft's more functional and widely-used Xbox Live services. Clawing back the one-year sales lead enjoyed by Microsoft has been a tough task, arguably exacerbated by the technical and economical problems created by the PS3's over-ambitious yet poorly considered hardware design. This week's scandal shoves a stick into the spokes of that effort to best Microsoft's market position.
Even if the actual damage caused by this intrusion is minimal - and there's some suggestion that it was designed to embarrass Sony rather than to actually steal customer data, being a revenge attack of sorts for Sony's recent legal and technical attempts to prevent the opening up of the PS3 to homebrew code - the reputation damage is incalculable. Forced to admit to the scale of the disaster, Sony looks incompetent and bungling; by doing so so many days after PSN originally went offline, the company looks dishonest (even if there's a genuinely good reason for the delay, as the firm claims).
Loss of face aside, though, just how seriously will this damage Sony? We've seen all manner of predictions on that front, spanning everything from the inevitable claims that it's a storm in a teacup through to the equally inevitable (and equally incorrect) claims that this is the end of the PS3 as a viable platform.
That's obviously not the case - it's ridiculous to claim that gamers are going to abandon a successful hardware platform in which they are heavily invested because of an event such as this. The negative press, however, reaches far beyond specialist sites and blogs, and will absolutely influence purchasing decisions in the months to come, depressing Sony's sales and probably giving its rivals an opportunity to extend their installed base leads - a serious blow to the company. Moreover, unless a swift resolution is reached, the story will inevitably rear its head again when the NGP, a handheld console heavily reliant on PSN, makes its way to the market.
Those are short-term impacts of the breach, though, and however severe they may be, I'd argue that they pale in comparison to a long-term effect which is more subtle, but potentially absolutely catastrophic for Sony's future business plans. In blunt terms, Sony just lost the single most valuable asset for a major player in the digital media space - consumer trust.
Right now there's a hearts and minds battle being joined over what the channels for the consumption of digital media - games, of course, but also music, movies, books and so on - will end up looking like. The really successful companies at the end of this battle will, of course, be those who can marshal impressive libraries of content to offer to users, ensuring that they don't have to shop elsewhere for the things they want to buy. Sony is well positioned to do this, thanks to having tentacles that delve deep into various different media businesses, and a strong history of building relationships between the consumer electronics space and media firms.
However, the second factor - and arguably the more important one - is the question of whether consumers trust your company to be the gatekeeper for their media purchases. Astute analysts have observed that the true value of companies like Amazon and Apple doesn't lie in the products they sell right now, but rather in the enormous number of consumers who have entrusted their credit card details to them - allowing them to buy media, commence subscriptions and so on without entering card details or personal information. The Kindle book you want is published by Random House, but you're buying it as an Amazon customer; the newspaper you're subscribing to is a News International property, but you're buying it as an Apple customer.
Sony wants to own you as a media consumer, and this week, it gave every media outlet on the planet a headline that says it's not competent to handle that role.
Similarly, Sony is keen to build up a huge library of customer information - the personal information and credit card details required to process purchases with a single tap of a button, enabling you to buy games, add-ons, DLC and various other media from a whole ecosystem of publishers and creators using Sony as your gatekeeper. It may seem like a subtle thing, but it's hugely important to the businesses involved - the company which "owns" the customer holds the dominant hand in the marketplace.
But "owning" the customer isn't an easy task, because it required a constant eye on the trust required for that relationship. That trust can be breached in many forms - abusing the relationship by misusing personal data is a common problem, for example. In the recent ruckus over Apple's subscription terms for magazines and newspapers on iTunes, the key factor wasn't the 30 per cent charge the company was levying. Rather, it was the fact that Apple wouldn't pass personal info about subscribers to the publishing companies - who presently enjoy a healthy revenue stream from hawking that personal information as a sales channel for other products. Great for the publishers, rubbish for their customers, and a breach of the implicit trust relationship between consumer and gatekeeper which Apple would not countenance.
Yet that kind of breach of trust pales in comparison to what Sony just did - or rather, didn't do, in that it clearly failed to pay the appropriate attention to the crown jewels of the PSN service, namely the database of customer information at its heart. Until this week, Sony was on the short list of firms I trusted to the same level as Amazon, Apple and their ilk with my personal and financial details. No longer - which doesn't mean I'll never buy anything from PSN again (although some people will definitely reach that conclusion), but rather that I won't ever trust them to hold details of one of my main credit or debit cards again.
Sound like a subtle problem? It's not. Sony, in the end, wants to be the trusted service from which all of your media content comes. It wants you to download music, stream movies, grab the latest games, make in-game purchases for DLC, buy books for your Sony Reader or Tablet - all using a single simple login that hooks into its customer database. It wants to own you as a media consumer, and this week, it gave every media outlet on the planet a headline that says it's not competent to handle that role.
As Sony's network team struggle to get the PSN service back online and limit the damage of this disaster, the company's executives face an even bigger headache. Apple has stolen a march in digital media distribution which now even threatens to impinge on Sony's gaming stronghold. Amazon is a huge force in ebooks, a growing force in music and almost certain to make a stab at the App space - including gaming - in the coming months. Microsoft has a superior online gaming service and a trusted brand, and is very likely to bring serious weight to bear in digital media, perhaps as a key thrust of its upcoming Windows 8 operating system. And Sony? Sony just put a dunce hat on its head and went to sit in the corner. When PSN comes back online, the long and difficult process of rebuilding consumer trust will only be beginning.
From GamesIndustry.biz Recommendations by Taboola