Tom Gillis, Computerworld, Wednesday, May 25, 2016
As workloads in the corporate data center begin to migrate to the public cloud, the need to encrypt data in motion and at rest becomes foundational. In the public cloud, it is much harder to rely on the traditional approaches of wrapping select data with firewalls and IPS systems. At the same time, it is much easier to post a heap of sensitive data to an object store such as Amazon S3 and inadvertently leave it open to the unwashed Internet. Customer-controlled encryption is becoming a necessity for the enterprise hybrid cloud. But IT security is subject to a fundamental law: “If it slows users down, they will turn it off.”
Sam Schechner, Wall Street Journal, Wednesday, May 25, 2016
One of the last legal methods that companies have to store Europeans’ data—everything from Swedish salary files to Spanish selfies—on servers in the U.S. was thrust deeper into limbo Wednesday when a privacy regulator said it would ask Europe’s top court to review its legality. The Irish Data Protection Commissioner’s office said it plans to ask the European Union’s Court of Justice to review backup contractual language that Facebook Inc. and thousands of other companies use to justify sending personal information about Europeans to the United States. The same court last year invalidated the main legal framework the companies had used to do so.
Eli Richman, Fierce Government IT, Wednesday, May 25, 2016
"The findings of this year's study paint a clear picture: Cloud adoption is nearly ubiquitous, but it's not now and will not in the foreseeable future be suitable for all workloads," said Joel Dolisy, CIO of SolarWinds, in a press release. "The resulting dynamic – one set of critical on-premises services connected with another set of services in the cloud – is hybrid IT." That dynamic is being fed by agencies' dual responsibilities to both use more cloud services and ensure the security of critical systems, databases and applications, SolarWinds found.
Lothar Determann, Bloomberg BNA, Wednesday, May 25, 2016
Since Oct. 6, national data protection authorities in the EEA rushed to issue inconsistent and unclear guidance to local companies that do business with the U.S. Chaos ensued and numerous myths were added to ones that had previously surrounded the Safe Harbor Program:
Austin Adams, Federal News Radio, Wednesday, May 25, 2016
Agency leaders – from chief information officers to agency records officers to information security managers – are at an intersection of the technology revolution, where the cultural shift toward a digital world and the demanding requirements of security and compliance often collide. When it comes to managing information assets, agencies need tools that allow for collaboration, workflow processes and content management, and the flexibility to meet the needs of a changing content landscape – all while maintaining the security standards and structural controls that government IT demands.
Brenda Leong, Brookings, Tuesday, May 24, 2016
In the last two years, there has been a perfect storm on the topic of student data privacy. The role of technology within schools expanded at an unprecedented rate, general awareness of consumer data security and breaches increased, and student databases at the state or national level were established or proposed, which drew great public scrutiny and fear. This maelstrom yielded a tremendous output of legislative activity targeted at education technology companies, that was overwhelmingly focused on protecting and limiting the sharing and use of student data—in rare instances, to the point of forbidding research uses almost completely. There are signs that this wave of fear-driven response has finally crested, and that more measured conversations are occurring; conversations that prioritize the fundamental requirement for appropriate privacy and security, but with a clear focus on the invaluable role of research and analysis and the need to enable it.
Alexander J Martin, The Register, Monday, May 23, 2016
Ministers from half of the European Union's 28 member states have signed a letter asking the EU Commission to drop its “barriers to the free flow of data”. The letter was sent to the EU's digitally focused folk ahead of Wednesday, when the commission will publish the findings of its inquiry into online platforms (“search engines, social media, knowledge and video sharing websites, app stores, etc.”) which took place after the publication of the EU's Digital Single Market Strategy last year. Essentially something of a cry against the EU's data protection legislation, the letter is signed by ministers from Belgium, Bulgaria, Czech Republic, Denmark, Estonia, Finland, Great Britain, Ireland, Latvia, Luxembourg, Lithuania, Poland, Slovenia and Sweden.
Jamie Carter, Tech Radar, Monday, May 23, 2016
After a long wait while bureaucrats worked out the details of new EU data protection law, the European General Data Protection Regulation (GDPR) is here – or at least, it will be in two years. In the wake of Safe Harbour and Privacy Shield, the latest data sharing agreement between the EU and the United States, the GDPR affects all businesses processing personal data, but how?
George Lynch, Bloomberg BNA, Monday, May 23, 2016
The proliferation of surveillance laws around the world have placed multinational companies between the demands of privacy-conscious consumers and increasing data access requests from governments, leaving them to figure out how to comply. Bloomberg BNA Privacy & Data Security News Senior Legal Editor George R. Lynch posed a series of questions to Lothar Determann, a partner in the Global Privacy & Information Management Working Group at Baker & McKenzie LLP in Palo Alto, Calif. on global surveillance laws and how multinational companies should navigate the maze.
Aaron Boyd, Federal Times, Monday, May 23, 2016
The Federal Risk and Authorization Management Program (FedRAMP) — the program charged with managing security accreditations for cloud vendors selling to the government — is in the midst of a renaissance but federal managers have yet to be impressed, according to a new survey. A poll of 150 federal IT managers conducted by MeriTalk showed less than half — 45 percent — believe the program has led to better cybersecurity at their agency and the vast majority — 79 percent — view FedRAMP as just another frustrating exercise in compliance.