Greg Otto, FedScoop, Friday, October 31, 2014
Government IT professionals aren’t the only ones having trouble keeping up with the security demands that come with the adoption of cloud computing. A study released earlier this week by the Ponemon Institute finds that IT professionals are having trouble managing data stored on the cloud, are often kept in the dark about, or can’t identify, who is responsible for data security, and do not have worthwhile security measures in place for data at rest.
Omer Tene, IAPP, Thursday, October 30, 2014
Like a group of blind men encountering an elephant—one touching the trunk and thinking “snake,” another feeling a tusk and thinking “sword,” a third caressing an ear and thinking “sail”—so do commentators, lawyers and industry players struggle to identify what “reasonable data security” practices mean in the eyes of the Federal Trade Commission (FTC). In the absence of federal legislation or regulatory guidance, the reasonableness standard is assessed on a case-by-case basis through a string of FTC enforcement actions, 47 so far, by which the agency provides the public with glimpses into its regulatory interpretation.
Todd Piett, InformationWeek, Wednesday, October 29, 2014
Government agencies approach emergencies in four phases: mitigation, preparation, response, and recovery. This is also a useful framework for looking at some of the technical innovations in the industry. Here are some examples of how mobile and cloud technology trends are impacting each of these areas:
Sean Gallagher, Ars Technica, Tuesday, October 28, 2014
Governments aren’t going to fix cloud’s privacy problem. It’s up to the industry—and us. “In the 2000s we had this wild cloud party,” said Peter Eckersley, technology projects director at the Electronic Frontier Foundation. “That party ended—Edward Snowden crashed that party. And we’ve woken up with a massive privacy and security hangover that companies are now trying to shake.” How did we get in this mess? And is there any way to have both the convenience of mobile access to nearly everything while still keeping out the prying eyes of government spies and criminal crackers?
John K. Waters, Redmond Magazine, Tuesday, October 28, 2014
The lack of confidence is with good cause. The Cloud Security Alliance (CSA) has identified what its researchers believe to be the top nine cloud security threats. Data breaches top that list, dubbed "The Notorious Nine". Also on that list are data loss, service traffic hijacking, insecure interfaces and APIs, denial-of-service attacks, malicious insiders, cloud services abuse, insufficient due diligence, and shared technology vulnerabilities. The company emphasized those risks at a three-day conference in September hosted jointly by the CSA and the International Association of Privacy Professionals (IAPP).
Dibya Sarkar, FierceMobileGovernment, Tuesday, October 28, 2014
Several options may be available to law enforcement officials concerned that recent actions by companies to protect and encrypt data on smartphones and other mobile devices could impact their investigations, according to a recent Congressional Research Service brief. "All of these options may involve the application of a 'back door' or 'golden key' that can allow for access to smartphones," said Finklea. "However, as has been noted, '[w]hen you build a back door...for the good guys, you can be assured that the bad guys will figure out how to use it as well.' This is the tradeoff."
Deborah Gage, Wall Street Journal, Monday, October 27, 2014
Unauthorized cloud-based software is proliferating in the workplace, causing regulatory and security challenges for companies that often don’t even know their employees are using it. Some of the services are well known, such as Dropbox, for file sharing, and the multipurpose social-media site Facebook. But at some companies, employees are tapping hundreds of cloud-based apps to perform functions ranging from Web conferencing to conducting surveys to sharing photos.
Monday, October 27, 2014
Last month, the FBI updated the Federal Criminal Justice Information Services Security Policy (CJIS), which prescribes methods to keep data creation, collection, transmission, storage, and destruction to establish a standard level of data protection among all governmental bodies. State and local law enforcement agencies should build on CJIS standards and incorporate three additional measures to improve security when managing their video surveillance data. Implementing these three measures, in concert, will maximize the security of storing that data...
Aliya Sternstein, Nextgov, Monday, October 27, 2014
Various national security agencies would like the White House to provide guidance on how to handle mobile devices in the workplace. Employees are clamoring to use their personal smartphones and managers fear falling behind the technological curve. Currently, there is no governmentwide policy on mobile device security.
Quentin Hardy, New York Times, Saturday, October 25, 2014
Ken Goldberg has been thinking hard about robots for almost three decades. His work ranges from over 170 peer-reviewed papers on things like robot algorithms and social information filtering to art projects about the interaction of people and machines. In this interview he observes: "In about a year Google bought eight robotics companies. No one knows what they are doing. For sure, it’s not connected with cars; I have students in both the robotics and the self-driving car teams, and they’re not allowed to talk with each other. They may be trying to build a core operating system for robots, but that’s just a guess. They have collected some of the best minds in the field."