Policy & Procurement
Government policy and regulation regarding the procurement and use of cloud computing technologies is still in its nascent stages. This portion of the SafeGov.org site focuses on current policy and procurement issues related to cloud adoption in the public sector, including analyses of Federal, state, and local issues, developments in higher education, and related laws, regulations, and directives.
Friday, April 24, 2015
While the Commission’s case is directed at Google’s conduct in the consumer market, it is important to consider the significant implications this has for enterprise users globally in both the public and private sectors. The EC’s decision reinforces the necessity that customers must educate themselves on the data-use terms of their cloud providers and craft their contracts accordingly.
Tom Fairless, Wall Street Journal, Friday, April 24, 2015
The European Union could create a powerful new regulator to oversee a swath of mainly U.S.-based Internet companies, according to an internal document that lays bare the deep concerns in top EU policy circles around the economic threat posed by companies like Google Inc. and Facebook Inc. Such a move would throw the biggest obstacle yet in the way of U.S. Internet companies operating in Europe, a number of which are already embroiled in investigations and lawsuits over issues including unfair competition and tax avoidance.
Richard Kemp, Business Cloud News, Thursday, April 23, 2015
A year after it was published, – the first international standard focusing on the protection of personal data in the public cloud – continues, unobtrusively and out of the spotlight, to move centre stage as the battle for cloud pre-eminence heats up.
Rob Wright, TechTarget, Wednesday, April 22, 2015
Security experts discussed the state of cloud privacy and security at RSA Conference 2015, arguing that while major improvements have been made, serious concerns remain. In a session Tuesday titled "Security and Privacy in the Cloud: How Far Have We Come?" panel moderator John Pescatore, director of the SANS Institute, asked representatives from Microsoft and Google how their companies have improved cloud security and privacy standards for both users and employees over the last year.
Wednesday, April 22, 2015
What is old is new again. Another tech behemoth is facing significant government antitrust allegations. After a five-year investigation, the European Commission (EC) has issued formal antitrust charges against Google focused on the company’s Internet search dominance. The EC has also launched a formal investigation into Android – Google’s ad-subsidized mobile platform. On April 15, the EC sent a Statement of Objections to Google outlining its view that Google abuses its position by favoring its own products in search. According to the statement, “The Commission's preliminary view is that such conduct infringes EU antitrust rules because it stifles competition and harms consumers.” While the Commission’s case is directed at Google’s conduct in the consumer market, it is important to consider the significant implications this has for enterprise users globally in both the public and private sectors. The EC’s decision reinforces the necessity that customers must educate themselves on the data-use terms of their cloud providers and craft their contracts accordingly.
AG Strategy Group
Wednesday, April 22, 2015
A 2013 update to HIPAA’s privacy standards put greater restrictions on profit-making uses of PHI but did not go far enough. With the update, cloud providers have the option of adopting stronger voluntary privacy standards. Released in August 2014, the ISO/IEC code of practice (known formally as 27018) outlines standards for how providers of public cloud services should handle personally identifiable information). Though there is some overlap with HIPAA, the ISO/IEC code of practice draws several important distinctions:
Cheryl Kemp, The Whir, Wednesday, April 22, 2015
Cloud infrastructure spending will account for 33 percent of all IT infrastructure spending in 2015 according to the Worldwide Quarterly Cloud IT Infrastructure Tracker released on Tuesday by IDC. This growth represents an increase of 21 percent over 2014.
Molly Bernhart Walker, FierceGovernmentIT, Wednesday, April 22, 2015
As federal agencies deal with more sensitive information – from digital documents to troves of "big data" – de-identifying personally identifiable information is an emerging challenge. Because agencies are under increased pressure to make raw data open to the public, the removal of sensitive personal information from that data is critical. In a new draft publication, the National Institute of Standards and Technology explores techniques for de-identification and summarizes almost 20 years of research.
Davey Winder, CloudPro UK, Tuesday, April 21, 2015
Standards are crucial to both secure the cloud and give businesses the confidence they need to make the move. Which is where ISO 27017 and ISO 27018 come in as new standards for cloud services. The latter, which was released into the wild and published last year, has the formal title of being the "code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors" and provides guidance on the privacy of cloud-hosted data. ISO 27017 is still in draft form, expected to be published towards the end of this year, and will cover information security management for cloud systems outside of the privacy remit.
Mark Bergen, Re/Code, Tuesday, April 21, 2015
A week into Google’s dramatic skirmish with the European Union, search has drawn most of the attention. But it’s the other case from Brussels that may have Google more worried. The EU Competition Commission launched its investigation into Android last week in a move that could expose gaping blind spots in the tech giant’s ability to churn out innovation and profits. The EU is looking at three of its practices: Pushing exclusive pre-installations of its apps and services on devices; bundling them; and blocking modified versions of the software. The case is structured similarly to its earlier charges against Microsoft, which was subjected to $1.5 billion in fines for bundling its browser.