Sony data breach shows downsides of cloud storage

12 Dec, 2014

Sony Pictures has recently found itself dealing with the effects of a massive security breach involving huge amounts of private data, relating to both employees and household names.

Hackers are reported to have stolen and published online the Social Security numbers of 47,000 current and former employees, along with those of others who have links to the company, including Sylvester Stallone and Judd Apatow.

The attackers also accessed Twitter accounts, defaced Sony-related websites and leaked movies that have yet to be released.

In recent years more and more of our data has migrated from local storage to cloud storage. Undoubtedly this evolution has provided us with many benefits, not least of which is our ability to access our personal data across multiple devices and on the move.

Today we move seamlessly between laptops, mobiles and tablets, updating, editing and accessing without a break in service.

The problems faced

However, this convenience and capability also presents organisations with challenges in keeping information secure and, as we can see from data breaches, there are downsides that represent a serious cause for concern.

In an effort to tighten up on systems, stakeholders, including regulatory bodies such as the European Commission, have sought to establish standards for objectives, controls and guidelines in protecting personally identifiable information (PII).

Addressing the Issue

Businesses that use cloud storage providers to hold customer data in the cloud, or those who provide data to external stakeholders, should be focused on ensuring this data is stored securely.

They may very well wonder just how safe this information is and seek assurances about third parties’ system integrity.

While it is difficult for any organisation to protect against a concerted attack, attempts at strengthening data processes are extremely welcome.

In July 2014 the International Organization for Standardization (ISO) introduced ISO 27018, a set of standards and guidelines relating to cloud storage providers.

Currently ISO 27001/27002 sets out standards relating to a business’s own data security.

This is the principal standard for information security and it is the most popular, but the new guidelines (ISO 27018) will address public cloud storage providers – increasingly relevant as specialist third party providers host and manage organisations’ data.

The new standards take the controls laid out in ISO 27002 and adapt these for third party providers.

For companies analysing their security procedures, it is recommended that the ISO 27001 Information Security Standard is considered, as this looks at the main components of information security. However, the more niche standards such as ISO 27018 should be looked into if the aspect they cover plays an important role in business operations.

What next for Sony?

The latest incident at Sony represents another bad data episode and follows on from a previous attack in 2011 on its PlayStation Network. That incident resulted in the company agreeing to a $15m preliminary settlement in July of this year.

The cost of this latest breach is likely to be considerably higher, with the financial cost encompassing litigation from those affected and fines imposed by regulatory authorities for any failures in internal controls.

If you would like more information regarding the ISO 27001 Information Security Management Standard or would like advice regarding a particular element then please get in contact on 01905 670 303 or by email on

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.

Primarily working with clients throughout the whole of the UK and Ireland, ISO Quality Services Ltd also cover Europe and the UAE.

Do you want to get ahead of your competition? Win more tenders or save time and money on reoccurring issues? Contact us today!
