The Need for Data Governance after the Sony Hack


The main details surrounding the Sony hack are as follows. A hacking group — apparently sponsored by the North Korean government — infiltrated the “corporate network” of Sony Pictures on Nov. 24, 2014, removing large amounts of private data, deleting original copies and leaving messages threatening to release the information if Sony did not abide by their demands. In a very slow and painful process, the group leaked the confidential information, which includes executive compensation, employee social security numbers, unreleased movies and a massive amount of corporate emails.

The leaked emails seem to have revealed some major weaknesses to Sony’s approach to data governance.
Some points to address regarding Sony’ status at that time before the data breach are:

  • Recognizing the need to reduce the company’s data amasses, but neglecting to follow through with a secure removal plan
  • Failing to take stronger measures to protect corporate intellectual property (IP) and employee personally identifiable information (PII)
  • Storing user login credentials in a file titled “passwords”

The need to implement an effective security strategy with the right solutions was needed. Especially with sensitive information such as PII and IP, not having this data encrypted with such solutions as data encryption or digital rights management have made it easy for hackers to steal this information.

Even with these solutions however, the need to ensure that all necessary files are truly secure must be ensured. With a definite guarantee to mitigate the extent of the damage from these data breaches, a mix between data governance and data encryption can ensure that your data is secure.


Photo Credit: Perspecsys Photos

Book a meeting