Sony data breach shows downsides of cloud storage

12 Dec, 2014

Sony Pictures has recently found itself dealing with the effects of a massive security breach involving huge amounts of private data, relating to both employees and household names.

Hackers are reported to have stolen and published online the Social Security numbers of 47,000 current and former employees, along with those of others who have links to the company, including Sylvester Stallone and Judd Apatow.

The attackers also accessed Twitter accounts, defaced Sony-related websites and leaked movies that have yet to be released.

In recent years more and more of our data has migrated from local storage to cloud storage. Undoubtedly this evolution has provided us with many benefits, not least of which is our ability to access our personal data across multiple devices and on the move.

Today we move seamlessly between laptops, mobiles and tablets, updating, editing and accessing without a break in service.

The problems faced

However, this convenience and capability also presents organisations with challenges in keeping information secure and, as we can see from data breaches, there are downsides that represent a serious cause for concern.

In an effort to tighten up on systems, stakeholders, including regulatory bodies such as the European Commission, have sought to establish standards for objectives, controls and guidelines in protecting personally identifiable information (PII).

Addressing the Issue

Businesses that use cloud storage providers to hold customer data in the cloud, or those who provide data to external stakeholders, should be focused on ensuring this data is stored securely.

They may very well wonder just how safe this information is and seek assurances about third parties’ system integrity.

While it is difficult for any organisation to protect against a concerted attack, attempts at strengthening data processes are extremely welcome.

In July 2014 the International Organization for Standardization (ISO) introduced ISO 27018, a set of standards and guidelines relating to cloud storage providers.

Currently ISO 27001/27002 sets out standards relating to the protection of a business’s own data security.

This is the principal standard for information security and it is the most popular, but the new guidelines (ISO 27018) will address public cloud storage providers, which is increasingly relevant as specialist third-party providers host and manage organisations’ data.

The new standards take the controls laid out in ISO 27002 and adapt these for third-party providers.

For companies undertaking an analysis of their security procedures, it is recommended that the ISO 27001 Information Security Standard is considered, as this looks at the main components of information security. However, the more niche standards such as ISO 27018 should be looked into if the aspect covered plays an important role in business operations.

What next for Sony?

The latest incident at Sony represents another bad data episode and follows on from a previous attack in 2011 on its PlayStation Network. That incident resulted in the company agreeing to a $15m preliminary settlement in July of this year.

The cost of this latest breach is likely to be considerably higher, with the financial cost encompassing litigation from those affected and fines imposed by regulatory authorities for any failures in internal controls.

If you would like more information regarding the ISO 27001 Information Security Management Standard or would like advice regarding a particular element then please get in contact on 01905 670 303 or by email on

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.

Primarily working with clients throughout the whole of the UK and Ireland, ISO Quality Services Ltd also cover Europe and the UAE.
