Sony data breach shows downsides of cloud storage

12 Dec, 2014

Sony Pictures has recently found itself dealing with the effects of a massive security breach involving huge amounts of private data, relating to both employees and household names.

Hackers are reported to have stolen and published online the Social Security numbers of 47,000 current and former employees along with others who have links to the company including Sylvester Stallone and Judd Apatow.

The attackers also accessed Twitter accounts, defaced Sony related websites and leaked movies that have yet to be released.

In recent years more and more of our data has migrated from local storage to cloud storage. Undoubtedly this evolution has provided us with many benefits, not least of which is our ability to access our personal data across multiple devices and on the move.

Today we move seamlessly between laptops, mobiles and tablets, updating, editing and accessing without a break in service.

questionThe problems faced

However this convenience and capability also presents organisations with challenges in keeping information secure and as we can see from data breaches there are downsides that represent a serious cause for concern.

In an effort to tighten up on systems stakeholders including regulatory bodies such as the European Commission have sought to establish standards for objectives, controls and guidelines in protecting personally identifiable information (PII).

Addressing the Issue

PasswordBusinesses that use cloud storage providers to hold customer data in the cloud or those who provide data to external stakeholders should be focused on ensuring this data is stored securely.

They may very well wonder just how safe this information is and seek assurances about third parties’ system integrity.

While it is difficult for any organisation to protect against a concerted attack, attempts at strengthening data process are extremely welcome.

In July 2014 the Internal Organization for Standardization (ISO) introduced ISO 27018, a set of standards and guidelines relating to cloud storage providers.

Currently ISO 27001/27002 sets out standards relating to the protection of a business’s own data security.

This is the principle standard for information security and it is the most popular but the new guidelines (ISO 27018) will address public cloud storage providers – increasingly relevant as specialist third party providers host and manage organisations’ data.

The new standards take the controls laid out in ISO 27002 and adapt these for third party providers.

For companies undertaking the analysis of their security procedures it is recommended that the ISO 27001 Information Security Standard is considered as this looks at the main components of information security, however the more niche standards such as the ISO 27018 should be looked into if the aspect covered plays an important role in business operations.

What next for Sony?

The latest incident at Sony represents another bad data episode and follows on from a previous attack in 2011 on its PlayStation Network. That incident has resulted in the company agreeing to a $15m preliminary settlement in July of this year.

The cost of this latest breach is likely to be considerably higher with the financial cost encompassing litigation from those affected and fines imposed by regulatory authorities for any failures in internal controls.

If you would like more information regarding the ISO 27001 Information Security Management Standard or would like advice regarding a particular element then please get in contact on 01905 670 303 or by email on info@isoqsltd.com

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.

Primarily working with clients throughout the whole of the UK and Ireland, ISO Quality Services Ltd also cover Europe and the UAE.

Do you want to get ahead of your competition? Win more tenders or save time and money on reoccurring issues? Contact us today!

ISO 27001 Information Security Management Standard

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.

Do you want to get ahead of your competition? Win more tenders or save time and money on reoccurring issues? Contact us today on 0330 058 5551 or email info@isoqsltd.com.

Alternatively, you can request a quote by filling out our enquiry form and a member of our team will be in touch shortly.

News Archive

  • News Archive

Featured News

Related Posts

Get Our Top Tips for Managing Lockdown 2.0!

17 Nov, 2020

In light of lockdown 2.0 across England, get all of our top tips for looking after your wellbeing and staying productive during home working…

COVID-19: Living Alone

17 Nov, 2020

The Mental Health Foundation reported that 1 in 4 people (24%) felt lonely during lockdown, up from 1 in 10 (10%) shortly before lockdown.  If you’re living alone, it’s understandable if you’re lonely and finding the experience tough.  Here are our tips for coping alone…

From DISC to DIY

12 Nov, 2020

How has our personal development training helped our Business Development Specialist, Stacey Humm, through both this pandemic and re-decorating her kitchen?

Achieving the UK Business Heroes Stamp!

28 Oct, 2020

We are pleased to announce that we have been recognised as a ‘UK Business Hero’ by The British Chamber of Commerce!