Policy & Procurement

Government policy and regulation regarding the procurement and use of cloud computing technologies is still in its nascent stages. This portion of the SafeGov.org site focuses on current policy and procurement issues related to cloud adoption in the public sector, including analyses of Federal, state, and local issues, developments in higher education, and related laws, regulations, and directives.

What EC v. Google means for US government users

Karen Evans by Karen Evans, KE&T Partners
Friday, April 24, 2015

While the Commission’s case is directed at Google’s conduct in the consumer market, it is important to consider the significant implications this has for enterprise users globally in both the public and private sectors. The EC’s decision reinforces the necessity that customers must educate themselves on the data-use terms of their cloud providers and craft their contracts accordingly.

Europe Looks to Tame Web’s Economic Risks

Tom Fairless, Wall Street Journal,  Friday, April 24, 2015

The European Union could create a powerful new regulator to oversee a swath of mainly U.S.-based Internet companies, according to an internal document that lays bare the deep concerns in top EU policy circles around the economic threat posed by companies like Google Inc. and Facebook Inc. Such a move would throw the biggest obstacle yet in the way of U.S. Internet companies operating in Europe, a number of which are already embroiled in investigations and lawsuits over issues including unfair competition and tax avoidance.

ISO 27018 and protecting personal information in the cloud: a first year scorecard

Richard Kemp, Business Cloud News,  Thursday, April 23, 2015

A year after it was published, – the first international standard focusing on the protection of personal data in the public cloud – continues, unobtrusively and out of the spotlight, to move centre stage as the battle for cloud pre-eminence heats up.

Cloud privacy, security improving but obstacles remain

Rob Wright, TechTarget,  Wednesday, April 22, 2015

Security experts discussed the state of cloud privacy and security at RSA Conference 2015, arguing that while major improvements have been made, serious concerns remain. In a session Tuesday titled "Security and Privacy in the Cloud: How Far Have We Come?" panel moderator John Pescatore, director of the SANS Institute, asked representatives from Microsoft and Google how their companies have improved cloud security and privacy standards for both users and employees over the last year.

What EC v. Google means for US government users

Karen Evans by Karen Evans, KE&T Partners
Wednesday, April 22, 2015

What is old is new again. Another tech behemoth is facing significant government antitrust allegations. After a five-year investigation, the European Commission (EC) has issued formal antitrust charges against Google focused on the company’s Internet search dominance. The EC has also launched a formal investigation into Android – Google’s ad-subsidized mobile platform. On April 15, the EC sent a Statement of Objections to Google outlining its view that Google abuses its position by favoring its own products in search. According to the statement, “The Commission's preliminary view is that such conduct infringes EU antitrust rules because it stifles competition and harms consumers.” While the Commission’s case is directed at Google’s conduct in the consumer market, it is important to consider the significant implications this has for enterprise users globally in both the public and private sectors. The EC’s decision reinforces the necessity that customers must educate themselves on the data-use terms of their cloud providers and craft their contracts accordingly.

A booster shot for cloud privacy standards?

Julie Anderson by Julie Anderson, AG Strategy Group
Wednesday, April 22, 2015

A 2013 update to HIPAA’s privacy standards put greater restrictions on profit-making uses of PHI but did not go far enough. With the update, cloud providers have the option of adopting stronger voluntary privacy standards. Released in August 2014, the ISO/IEC code of practice (known formally as 27018) outlines standards for how providers of public cloud services should handle personally identifiable information). Though there is some overlap with HIPAA, the ISO/IEC code of practice draws several important distinctions:

Cloud Infrastructure Spending Grows, Will Reach $32 Billion in 2015

Cheryl Kemp, The Whir,  Wednesday, April 22, 2015

Cloud infrastructure spending will account for 33 percent of all IT infrastructure spending in 2015 according to the Worldwide Quarterly Cloud IT Infrastructure Tracker released on Tuesday by IDC. This growth represents an increase of 21 percent over 2014.

NIST issues draft de-identification guidance for personally identifiable information

Molly Bernhart Walker, FierceGovernmentIT,  Wednesday, April 22, 2015

As federal agencies deal with more sensitive information – from digital documents to troves of "big data" – de-identifying personally identifiable information is an emerging challenge. Because agencies are under increased pressure to make raw data open to the public, the removal of sensitive personal information from that data is critical. In a new draft publication, the National Institute of Standards and Technology explores techniques for de-identification and summarizes almost 20 years of research.

How can ISO 27017 and 27018 help secure the cloud?

Davey Winder, CloudPro UK,  Tuesday, April 21, 2015

Standards are crucial to both secure the cloud and give businesses the confidence they need to make the move. Which is where ISO 27017 and ISO 27018 come in as new standards for cloud services. The latter, which was released into the wild and published last year, has the formal title of being the "code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors" and provides guidance on the privacy of cloud-hosted data. ISO 27017 is still in draft form, expected to be published towards the end of this year, and will cover information security management for cloud systems outside of the privacy remit.

Google’s Biggest European Headache Isn’t Search. It’s Android.

Mark Bergen, Re/Code,  Tuesday, April 21, 2015

A week into Google’s dramatic skirmish with the European Union, search has drawn most of the attention. But it’s the other case from Brussels that may have Google more worried. The EU Competition Commission launched its investigation into Android last week in a move that could expose gaping blind spots in the tech giant’s ability to churn out innovation and profits. The EU is looking at three of its practices: Pushing exclusive pre-installations of its apps and services on devices; bundling them; and blocking modified versions of the software. The case is structured similarly to its earlier charges against Microsoft, which was subjected to $1.5 billion in fines for bundling its browser.