Is Basic Security Really That Hard, Sony?


In something that feels like the 1980s, Gizmodo has published an article showing that Sony used spreadsheets to track its system passwords. Worse than that, the spreadsheets and folders clearly contained the word “password” within them. According to this article on The Register, Sony’s security team numbered only 11 people and the company had been through rounds of cost-cutting among its IT staff.

It’s hard to know where to begin in imagining how bad the idea of storing passwords in spreadsheets can be. A spreadsheet doesn’t represent a single point of truth: people copy and share spreadsheet files, so the approach assumes that those passwords rarely, if ever, changed. Without a sensible passwords and credentials policy (and without suitable tools), even exposing passwords to external users represents a serious risk of attack by disgruntled employees. Static passwords provide no audit trail and tempt administrators to hard-code them into scripts, further aiding hackers who can easily sniff out embedded credentials.
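As an added example (not from the original post), the following audit sketch shows how an administrator could find both problems described above on their own file shares: files and folders with “password” in their names, and scripts with credentials hard-coded as string literals. The patterns, the extension list and the function names `audit` and `demo` are assumptions made for illustration, and the sample tree is constructed.

```python
import os
import re
import tempfile

# Names that advertise their contents (assumed keyword list).
NAME_RE = re.compile(r"passw(or)?d|credential|secret", re.I)
# Assumed heuristic: a credential-like key assigned a quoted literal.
# "$" is excluded so references such as "$VAULT_PW" are not flagged.
ASSIGN_RE = re.compile(
    r"""(pass(word|wd)?|pwd|secret|api_?key)\w*\s*[:=]\s*["']([^"'$]{4,})["']""",
    re.I)
SCRIPT_EXT = {".sh", ".ps1", ".py", ".bat", ".pl", ".rb", ".cfg", ".ini"}


def audit(root):
    """Return sorted findings as (kind, relative_path, line_number) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if NAME_RE.search(name):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append(("name", rel, 0))
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXT:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if ASSIGN_RE.search(line):
                        # Report the location only; never echo the secret.
                        rel = os.path.relpath(path, root)
                        findings.append(("hardcoded", rel, lineno))
    return sorted(findings)


def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Password"))
        open(os.path.join(root, "Password", "server passwords.xlsx"), "wb").close()
        with open(os.path.join(root, "backup.sh"), "w") as fh:
            fh.write('#!/bin/sh\nDB_USER=svc\nDB_PASSWORD="constructed-example"\n')
            fh.write('export SAFE_PASSWORD="$VAULT_PW"\n')
        return audit(root)


if __name__ == "__main__":
    for kind, path, lineno in demo():
        print(kind, path, lineno or "")
```

Findings report only the path and line number, so the audit output does not itself become another copy of the passwords.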

Since I started to write this post, things have declined further for Sony. Now the organisation responsible for the hack attack and data theft, Guardians of Peace, has released details on celebrity aliases, and it’s being reported that Sony is fighting back through their own DDoS attacks, allegedly using AWS, although that’s not confirmed.

The Architect’s View

Data and network security still seem to take a back seat in some organisations, with crazy approaches to system management. Look out for security-related articles from our own Rob Lyle (Twitter: @thebizarch) as we look in depth at some of the more technical aspects of protecting your network and data assets.

Copyright (c) 2009-2014 – Chris M Evans, first published on http://blog.architecting.it, do not reproduce without permission.

About Chris M Evans

Chris M Evans has worked in the technology industry since 1987, starting as a systems programmer on the IBM mainframe platform, while retaining an interest in storage. After working abroad, he co-founded an Internet-based music distribution company during the .com era, returning to consultancy in the new millennium. In 2009 Chris co-founded Langton Blue Ltd (www.langtonblue.com), a boutique consultancy firm focused on delivering business benefit through efficient technology deployments. Chris writes a popular blog at http://blog.architecting.it, attends many conferences and invitation-only events and can be found providing regular industry contributions through Twitter (@chrismevans) and other social media outlets.