IT professionals continue to cite security concerns as one of the largest barriers to cloud migration. Uniform government standards specific to cloud computing have yet to be finalized, leaving important questions regarding data availability and integrity unanswered. SafeGov.org aims to provoke discussion related to these concerns as well as raise awareness of the ways in which cloud computing could ultimately strengthen existing security measures.
Greg Otto, FedScoop, Friday, October 31, 2014
Government IT professionals aren’t the only ones having trouble keeping up with the security demands that come with the adoption of cloud computing. A study released earlier this week by the Ponemon Institute finds that IT professionals are having trouble managing data stored on the cloud, are often kept in the dark on or can’t identify who is responsible for data security and do not have worthwhile security measures in place for data at rest.
European Commission, Thursday, October 30, 2014
More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA). In Cyber Europe 2014 experts from the public and private sectors including cyber security agencies, national Computer Emergency Response Teams, ministries, telecoms companies, energy companies, financial institutions and internet service providers are testing their procedures and capabilities against a life-like, large-scale cyber-security scenario.
Omer Tene, IAPP, Thursday, October 30, 2014
Like a group of blind men encountering an elephant—one touching the trunk and thinking “snake,” another feeling a tusk and thinking “sword,” a third caressing an ear and thinking “sail”—so do commentators, lawyers and industry players struggle to identify what “reasonable data security” practices mean in the eyes of the Federal Trade Commission (FTC). In the absence of federal legislation or regulatory guidance, the reasonableness standard is assessed on a case-by-case basis through a string of FTC enforcement actions, 47 so far, by which the agency provides the public with glimpses into its regulatory interpretation.
John K. Waters, Redmond Magazine, Tuesday, October 28, 2014
The lack of confidence is with good cause. The Cloud Security Alliance (CSA) has identified what its researchers believe to be the top nine cloud security threats. Data breaches top that list, dubbed "The Notorious Nine". Also on that list are data loss, service traffic hijacking, insecure interfaces and APIs, denial-of-service attacks, malicious insiders, cloud services abuse, insufficient due diligence, and shared technology vulnerabilities. The company emphasized those risks at a three-day conference in September hosted jointly by the CSA and the International Association of Privacy Professionals (IAPP).
Brian Bartholomew, iSight Partners, Tuesday, October 28, 2014
Earlier today iSIGHT Partners proudly participated in the public disclosure of threat intelligence on a prolific Chinese Cyber Espionage group. This disclosure included the sharing of technical indicators which can be used to determine the potential of compromise, as well as detail on the tactics, techniques and procedures of this group which can be used to inform better security decisions. This release was made as part of a coalition of security vendors, security researchers and major technology companies called “Operation SMN” which was announced on October 14th. The effort was led by Novetta and Microsoft and is the first joint effort under Microsoft’s Coordinated Malware Eradication program.
Deborah Gage, Wall Street Journal, Monday, October 27, 2014
Unauthorized cloud-based software is proliferating in the workplace, causing regulatory and security challenges for companies that often don’t even know their employees are using it. Some of the services are well known, such as Dropbox, for file sharing, and the multipurpose social-media site Facebook. But at some companies, employees are tapping hundreds of cloud-based apps to perform functions ranging from Web conferencing to conducting surveys to sharing photos.
Monday, October 27, 2014
Last month, the FBI updated the Federal Criminal Justice Information Services Security Policy (CJIS), which prescribes methods to keep data creation, collection, transmission, storage, and destruction to establish a standard level of data protection among all governmental bodies. State and local law enforcement agencies should build on CJIS standards and incorporate three additional measures to improve security when managing their video surveillance data. Implementing these three measures, in concert, will maximize the security of storing that data...
Thursday, October 23, 2014
Under the Health Insurance Portability and Accountability Act (HIPAA), various organizations can be randomly selected to be audited – even if no complaint has been issued against them and even if there has been no privacy incident or breach. What the audits thus far have revealed is quite alarming.
Wednesday, October 22, 2014
Apple’s default encryption announcement contained a notable distinction in the fine print. They promised not to read the content of your email messages. Not only will Apple’s default encryption protect your email from being accessed by governmental entities without permission, but Apple will not retrieve or use the content of your email for their own purposes. Android’s announcement did not offer the same protection to users. They did not make the same pledge, which could be related to the fact that Google’s main source of revenue is derived from ad placements based on the content of user emails and searches.
Paige Leidig, SC Magazine, Tuesday, October 21, 2014
As concerns continue to mount over data breaches, data security, and regulatory compliance, particularly in public cloud environments, a growing number of cloud service providers (CSPs) are stepping up to the plate with beefed-up encryption offerings to assuage their customers' concerns. The additional encryption these CSPs now provide can certainly aid in protecting sensitive data from some types of attacks, but is CSP-provided cloud data encryption enough to secure your data and achieve compliance?