Why Sony's Breach Matters
This past year has seen more wide-spread, massive-scale, and damaging computer system breaches than any time in history. The Sony breach is just the latest - not the first or most creative or even the most destructive computer system breach. It matters because it is a defining moment and turning point to significant and disruptive changes to enterprise and business computing.
The dramatic nature of today's breaches impacts the enterprise computing infrastructure at both the endpoint and server infrastructure points. This is a good news and bad news situation.
The bad news is that we have likely reached the limits as to how much the existing infrastructure can be protected. One should not dismiss the Sony breach because of their simplistic security architecture (a file Personal passwords.xls with passwords in it is entertaining but not the real issue). The bad news continues with the reality of the FBI assertion of the role of a nation state in the attack or at the very least a level of sophistication that exceeded that of a multi-national corporation.
The good news is that several billion people are already actively using cloud services and mobile devices. With these new approaches to computing, we have new mechanisms for security and the next generation of enterprise computing. Unlike previous transitions, we already have the next generation handy and a cleaner start available. It is important to consider that no one was "training" on using a smartphone
- no courses, no videos, no tutorials. People are just using phones and tablets to do work. That's a strong foundation.
In order to better understand why this breach and this moment in time is so important, I think it is worth taking a trip through some personal history of breaches and reactions. This provides context as to why today we are at a moment of disruption.
...
"The bad news is that we have likely reached the limits as to how much the existing infrastructure can be protected. ..."
Bzzzt! Wrong answer!
We may have reached the limits of how much IT managers are willing to enforce security standards, but that is not the limits of the protection which is available. End-to-end email encryption would have prevented this hack.
This was a feature available off-the-shelf in Lotus Notes (Does anyone remember Lotus?), and it's built-in to every major email client right now. And that's just ONE common-sense measure that could be used RIGHT NOW to improve security.
The limit is not in the technology - it's in the short-sighted "It can't happen here" attitudes of the Buzzword Babies who infest too many IT organizations.
Bill Horne Moderator