Sony security fiasco leads to new post of Chief Information Security Officer

The ongoing tales of security woe continue, as Sony, still working to recover from a breach of its PlayStation Network (involving loss of information on over 70 million users), announced another loss, this time from its Sony Online Entertainment operations.

The announcement stated that in this latest loss, the intruders obtained personal information for over 24 million people. Interestingly, Sony stated that this was another data loss stemming from the original breach, and not the result of a separate attack.

We don’t currently have any detailed visibility into the attack vector or sequence of events at Sony, although in yesterday’s testimony and letter to the US Congress, Sony stated that last month’s Distributed Denial-of-Service attack provided cover (or a mechanism) for the breach.

As a direct result of this attack, Sony has taken the admirable step of creating a new post of Chief Information Security Officer, as well as instituting a number of operational security improvements (automated monitoring & intrusion detection, improved data protection and encryption, network activity pattern matching, and network perimeter strengthening).

While these operational elements are important (and tactically necessary), I’d recommend to the new CISO that he or she carefully look at their enterprise, and make sure that they can reliably answer the question “who has access to what?” Strategically, access governance has been shown to be a key part of an enterprise’s overall security strategy – helping organizations improve their security posture and meet compliance requirements.

Brian Cleary is vice president of products and marketing at Aveksa, a leading provider of enterprise access governance solutions. Brian has more than 17 years of experience directing technology marketing initiatives for both emerging technology companies and top-tier enterprise software vendors. In previous positions, Brian served as vice president of marketing at OpenPages and as senior vice president of marketing at Computer Associates (CA). He has also held management positions at Netegrity, Allaire Corporation and Macromedia. He holds a bachelor’s degree from Syracuse University.