Sony data breach shows downsides of cloud storage

12 Dec, 2014

Sony Pictures has recently found itself dealing with the effects of a massive security breach involving huge amounts of private data, relating to both employees and household names.

Hackers are reported to have stolen and published online the Social Security numbers of 47,000 current and former employees along with others who have links to the company including Sylvester Stallone and Judd Apatow.

The attackers also accessed Twitter accounts, defaced Sony-related websites and leaked movies that have yet to be released.

In recent years more and more of our data has migrated from local storage to cloud storage. Undoubtedly this evolution has provided us with many benefits, not least of which is our ability to access our personal data across multiple devices and on the move.

Today we move seamlessly between laptops, mobiles and tablets, updating, editing and accessing without a break in service.

The problems faced

However, this convenience and capability also presents organisations with challenges in keeping information secure and, as we can see from data breaches, there are downsides that represent a serious cause for concern.

In an effort to tighten up on systems, stakeholders, including regulatory bodies such as the European Commission, have sought to establish standards for objectives, controls and guidelines in protecting personally identifiable information (PII).

Addressing the Issue

Businesses that use cloud storage providers to hold customer data in the cloud or those who provide data to external stakeholders should be focused on ensuring this data is stored securely.

They may very well wonder just how safe this information is and seek assurances about third parties’ system integrity.

While it is difficult for any organisation to protect against a concerted attack, attempts at strengthening data process are extremely welcome.

In July 2014 the International Organization for Standardization (ISO) introduced ISO 27018, a set of standards and guidelines relating to cloud storage providers.

Currently ISO 27001/27002 sets out standards relating to the protection of a business’s own data security.

This is the principal standard for information security and it is the most popular, but the new guidelines (ISO 27018) will address public cloud storage providers – increasingly relevant as specialist third-party providers host and manage organisations’ data.

The new standards take the controls laid out in ISO 27002 and adapt these for third-party providers.

For companies undertaking the analysis of their security procedures, it is recommended that the ISO 27001 Information Security Standard is considered, as this looks at the main components of information security. However, the more niche standards such as ISO 27018 should be looked into if the aspect covered plays an important role in business operations.

What next for Sony?

The latest incident at Sony represents another bad data episode and follows on from a previous attack in 2011 on its PlayStation Network. That incident has resulted in the company agreeing to a $15m preliminary settlement in July of this year.

The cost of this latest breach is likely to be considerably higher, with the financial cost encompassing litigation from those affected and fines imposed by regulatory authorities for any failures in internal controls.

If you would like more information regarding the ISO 27001 Information Security Management Standard or would like advice regarding a particular element then please get in contact on 01905 670 303 or by email on

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.

Primarily working with clients throughout the whole of the UK and Ireland, ISO Quality Services Ltd also cover Europe and the UAE.

Do you want to get ahead of your competition? Win more tenders or save time and money on reoccurring issues? Contact us today!

