
Game Over: Cloud Computing and the Sony Breach


There’s been a lot of commentary and gotcha-style journalism surrounding the Sony data breach, but not much constructive criticism.

Yes, the breach could have easily been prevented. Had Sony enabled fairly standard firewall technology and kept its systems up to date with the latest patches, most likely none of this would have happened.

Since most of us have enabled firewalls on our personal computers and are aware of the risks if we don’t, Sony’s mistake immediately smacks of foolishness. But setting up protection for a network of 100 million users is a little different than protecting the Mac in your living room.

Sony’s breach is a valuable lesson for many organizations considering a transition to the cloud. Already the media is reporting that businesses are rethinking it. And that’s a good thing.

Any transition from one kind of data system to another needs serious thought. That’s the Sony lesson: Migrating data from a traditional system to a new technology must be done very carefully. Shifting from classical to cloud isn’t as easy as the snappy alliteration makes it seem.

Whatever move your data is making, you must ensure all relevant security measures are enabled. If the servers are connected to the Internet, yes, Sir Howard Stringer, you need a firewall. But even if they aren’t, you need to ask questions such as: What information is guarded? How is it guarded? What is the scalability, and how can it be exploited? How do we know that someone is after our data?

The second lesson we can learn here is the rule of maximum leverage. Leverage all security elements to maximum potential. Businesses of all sizes have a patch management policy, most likely executed by an inside professional security team. It would have been to Sony’s benefit to have such a functioning policy in place, and, with 100 million users, to make sure it’s as rigorous as possible, with tight control on its execution.

We often use words like “robust,” “comprehensive,” and “strong” to describe security programs. Nice as that may sound, security isn’t only about the strength of a system, but about the mindset of the people working it. Have they asked all the questions? Have they covered all their bases? Whenever data is transitioned, someone needs to know enough to ask the right questions. The human element is the most important security element. It is human creativity that pushes technology to its maximum functionality. Security needs a vision and a strong ruler fully supported by executive management. After all, someone has to flip that firewall switch.


Image courtesy of iwannt, via Flickr


A version of this article originally appeared on Identity Theft 911 on May 26, 2011.
