Survey: IT departments are losing cloud security battle

Greg Otto, FedScoop,  Friday, October 31, 2014

Government IT professionals aren’t the only ones having trouble keeping up with the security demands that come with the adoption of cloud computing. A study released earlier this week by the Ponemon Institute finds that IT professionals are having trouble managing data stored on the cloud, are often kept in the dark on or can’t identify who is responsible for data security and do not have worthwhile security measures in place for data at rest.

The Blind Men, the Elephant and the FTC’s Data Security Standards

Omer Tene, IAPP,  Thursday, October 30, 2014

Like a group of blind men encountering an elephant—one touching the trunk and thinking “snake,” another feeling a tusk and thinking “sword,” a third caressing an ear and thinking “sail”—so do commentators, lawyers and industry players struggle to identify what “reasonable data security” practices mean in the eyes of the Federal Trade Commission (FTC). In the absence of federal legislation or regulatory guidance, the reasonableness standard is assessed on a case-by-case basis through a string of FTC enforcement actions, 47 so far, by which the agency provides the public with glimpses into its regulatory interpretation.

Cloud & Mobile Tech Improve Emergency Systems

Todd Piett, InformationWeek,  Wednesday, October 29, 2014

Government agencies approach emergencies in four phases: mitigation, preparation, response, and recovery. This is also a useful framework for looking at some of the technical innovations in the industry. Here are some examples of how mobile and cloud technology trends are impacting each of these areas:

Taking back privacy in the post-Snowden cloud

Sean Gallagher, Ars Technica,  Tuesday, October 28, 2014

Governments aren’t going to fix cloud’s privacy problem. It’s up to the industry—and us. “In the 2000s we had this wild cloud party,” said Peter Eckersley, technology projects director at the Electronic Frontier Foundation. “That party ended—Edward Snowden crashed that party. And we’ve woken up with a massive privacy and security hangover that companies are now trying to shake.” How did we get in this mess? And is there any way to have both the convenience of mobile access to nearly everything while still keeping out the prying eyes of government spies and criminal crackers?

Top Security Threats Still Plaguing Enterprise Cloud Adoption

John K. Waters, Redmond Magazine,  Tuesday, October 28, 2014

The lack of confidence is with good cause. The Cloud Security Alliance (CSA) has identified what its researchers believe to be the top nine cloud security threats. Data breaches top that list, dubbed "The Notorious Nine". Also on that list are data loss, service traffic hijacking, insecure interfaces and APIs, denial-of-service attacks, malicious insiders, cloud services abuse, insufficient due diligence, and shared technology vulnerabilities. The company emphasized those risks at a three-day conference in September hosted jointly by the CSA and the International Association of Privacy Professionals (IAPP).

Options for law enforcement to get around smartphone data encryption

Dibya Sarkar, FierceMobileGovernment,  Tuesday, October 28, 2014

Several options may be available to law enforcement officials concerned that recent actions by companies to protect and encrypt data on smartphones and other mobile devices could impact their investigations, according to a recent Congressional Research Service brief. "All of these options may involve the application of a 'back door' or 'golden key' that can allow for access to smartphones," said Finklea. "However, as has been noted, '[w]hen you build a back door...for the good guys, you can be assured that the bad guys will figure out how to use it as well.' This is the tradeoff."

Do You Know What Apps Your Employees Use?

Deborah Gage, Wall Street Journal,  Monday, October 27, 2014

Unauthorized cloud-based software is proliferating in the workplace, causing regulatory and security challenges for companies that often don’t even know their employees are using it. Some of the services are well known, such as Dropbox, for file sharing, and the multipurpose social-media site Facebook. But at some companies, employees are tapping hundreds of cloud-based apps to perform functions ranging from Web conferencing to conducting surveys to sharing photos.

Securing video surveillance data: A three step approach

Julie Anderson, Civitas Group, Monday, October 27, 2014

Last month, the FBI updated the Federal Criminal Justice Information Services Security Policy (CJIS), which prescribes methods to keep data creation, collection, transmission, storage, and destruction to establish a standard level of data protection among all governmental bodies. State and local law enforcement agencies should build on CJIS standards and incorporate three additional measures to improve security when managing their video surveillance data. Implementing these three measures, in concert, will maximize the security of storing that data...

Why Some Agencies Want a One-Size-Fits-All Policy for Mobile Devices

Aliya Sternstein, Nextgov,  Monday, October 27, 2014

Various national security agencies would like the White House to provide guidance on how to handle mobile devices in the workplace. Employees are clamoring to use their personal smartphones and managers fear falling behind the technological curve. Currently, there is no governmentwide policy on mobile device security.

The Robot in the Cloud: A Conversation With Ken Goldberg

Quentin Hardy, New York Times,  Saturday, October 25, 2014

Ken Goldberg has been thinking hard about robots for almost three decades. His work ranges from over 170 peer-reviewed papers on things like robot algorithms and social information filtering to art projects about the interaction of people and machines. In this interview he observes: "In about a year Google bought eight robotics companies. No one knows what they are doing. For sure, it’s not connected with cars; I have students in both the robotics and the self-driving car teams, and they’re not allowed to talk with each other. They may be trying to build a core operating system for robots, but that’s just a guess. They have collected some of the best minds in the field."