Along with information on the phased restoration of PlayStation Network, Sony also outlined the steps it has taken to improve PSN’s security. These measures include advanced technical measures and personnel reassignment. Today’s press release stated:
The company has made considerable enhancements to the data security, including updating and adding advanced security technologies, additional software monitoring and penetration and vulnerability testing, and increased levels of encryption and additional firewalls. The company also added a variety of other measures to the network infrastructure including an early-warning system for unusual activity patterns that could signal an attempt to compromise the network.
As an additional measure, Fumiaki Sakai, president of Sony Global Solutions Inc. (SGS), has been appointed acting Chief Information Security Officer of SNEI. In addition to his current role at SGS, Mr. Sakai, in his role at SNEI, will work to further reinforce overall information security across the company’s network infrastructure. Mr. Sakai will lead the recruiting effort in finding a new and permanent CISO for SNEI. As CISO, Mr. Sakai will report to Tim Schaaff, president, SNEI, as well as to Mr. Shinji Hasejima, CIO, Sony Corporation.
I was fine with PSN security before and I’m fine with it now. In my mind, every lock can be picked. While the new and improved PSN is surely more secure than its predecessor, I’m sure there are capable hackers that can take it down. The recent outage was an unusual circumstance that Sony wasn’t prepared for (even though it may or may not have asked for the problem).
To me Sakai’s new position is more notable than any technical enhancements. Having more people dedicated to combat hack attacks means that Sony will be better prepared to deal with “external intrusions” in the future.
How do you feel about Sony’s PSN security improvements? Do you feel better about storing sensitive information on your console? What do you make of Sony appointing a CISO?
Solid moves all around. I say that from an audit standpoint (SAS 70). I've conducted many IS audits, and I'd consider the new position part of an adequate response.
"Locks are for honest people"