[johngd]

Anecdotally, I knew some guys who worked at (or with?) the global security division at Sony US HQ.

The story went that each of the Sony subsidiaries[1] had their own security division that was largely autonomous for reasons of politics and budget, of course. Each part of the company had different vendors, different policies and procedures, and different philosophies on how security should be implemented.

When they would all send their representatives to have a global security pow wow, however often it happened, it ended up like an episode of game of thrones.

[1] http://en.wikipedia.org/wiki/Sony_Corporation_shareholders_a...

[drivingmenuts]

> The story went that each of the Sony subsidiaries[1] had their own security division that was largely autonomous for reasons of politics and budget, of course. Each part of the company had different vendors, different policies and procedures, and different philosophies on how security should be implemented.

And they could centralize all of that and ... it still wouldn't solve the problem. You'd have a single point of failure that might still leave them with their pants down at the end of the day.

Some days, you just can't win. You can have the smartest people (they probably didn't), the best hardware and software (ditto) and you're still gonna get punched in the junk.

[johngd]

Absolutely. I think it is a very difficult problem to solve as companies grow larger and larger and rise to behemoth proportions all while trying to tackle something that is relatively new (the security concerns of today, as opposed to say the 80's,90's,2000's when Sony didn't have to be as competitive in the products that they offered) and typically expensive (for a company Sony's size) where funding for these things seem to be viewed in terms of $ now, instead of potential $ later.