IT professionals continue to cite security concerns as one of the largest barriers to cloud migration. Uniform government standards specific to cloud computing have yet to be finalized, leaving important questions regarding data availability and integrity unanswered. SafeGov.org aims to provoke discussion related to these concerns as well as raise awareness of the ways in which cloud computing could ultimately strengthen existing security measures.
Jonathan Brandon, Business Cloud News, Thursday, November 20, 2014
The USA Freedom Act, which was proposed in a bid to end mass surveillance and give more transparency and oversight to how digital communications are monitored by the US intelligence community, died on the floor of the US Senate this week, falling just two votes shy of the 60 votes it needed to pass. Some analysts believe the result will stoke further debate around Safe Harbour and other data sharing agreements with the US.
Taylor Armerding, CSO, Wednesday, November 05, 2014
Cyber security, to be successful, has to be a “team sport,” former Homeland Security secretary Michael Chertoff told attendees of the Advanced Cyber Security Center (ACSC) Conference at the Federal Reserve Bank of Boston Tuesday morning. Chertoff, cofounder and executive chairman of the Chertoff Group, who gave the keynote speech at the conference, titled “Left of Boom: How and where to invest across the kill chain,” said organizations that go it alone, and especially those that focus only on prevention to maintain their security from cyberattacks are “doomed.”
GCN, Wednesday, November 05, 2014
Routine, unsanctioned file sharing among employees has put organizations at risk equal to or greater than the dangers posed by direct data theft, according to research by the Ponemon Institute and IntraLinks Holdings Inc., a software-as-a-service content management firm. The report, Breaking Bad: The Risk of Unsecure File Sharing, says many organizations have few controls in place to protect data, yet they are enabling data to be shared outside their organizations without the knowledge of senior management. The study points a finger at cloud storage and sharing services such as Dropbox, which have become increasingly popular as they enable employees and organizations to easily collaborate.
General Ken Minihan,
Monday, November 03, 2014
The marriage of mobile and cloud requires a new approach to security. It requires a new paradigm for trust as government agencies, medical systems and educational institutions outsource their cloud-based platforms to private vendors. This trust must be based on transparency, resiliency and accountability.
Greg Otto, FedScoop, Friday, October 31, 2014
Government IT professionals aren’t the only ones having trouble keeping up with the security demands that come with the adoption of cloud computing. A study released earlier this week by the Ponemon Institute finds that IT professionals are having trouble managing data stored on the cloud, are often kept in the dark on or can’t identify who is responsible for data security and do not have worthwhile security measures in place for data at rest.
European Commission, Thursday, October 30, 2014
More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA). In Cyber Europe 2014 experts from the public and private sectors including cyber security agencies, national Computer Emergency Response Teams, ministries, telecoms companies, energy companies, financial institutions and internet service providers are testing their procedures and capabilities against in a life-like, large-scale cyber-security scenario.
Omer Tene, IAPP, Thursday, October 30, 2014
Like a group of blind men encountering an elephant—one touching the trunk and thinking “snake,” another feeling a tusk and thinking “sword,” a third caressing an ear and thinking “sail”—so do commentators, lawyers and industry players struggle to identify what “reasonable data security” practices mean in the eyes of the Federal Trade Commission (FTC). In the absence of federal legislation or regulatory guidance, the reasonableness standard is assessed on a case-by-case basis through a string of FTC enforcement actions, 47 so far, by which the agency provides the public with glimpses into its regulatory interpretation.
John K. Waters, Redmond Magazine, Tuesday, October 28, 2014
The lack of confidence is with good cause. The Cloud Security Alliance (CSA) has identified what its researchers believe to be the top nine cloud security threats. Data breaches top that list, dubbed "The Notorious Nine". Also on that list are data loss, service traffic hijacking, insecure interfaces and APIs, denial-of-service attacks, malicious insiders, cloud services abuse, insufficient due diligence, and shared technology vulnerabilities. The company emphasized those risks at a three-day conference in September hosted jointly by the CSA and the International Association of Privacy Professionals (IAPP).
Brian Bartholomew, iSight Partners, Tuesday, October 28, 2014
Earlier today iSIGHT Partners proudly participated in the public disclosure of threat intelligence on a prolific Chinese Cyber Espionage group. This disclosure included the sharing of technical indicators which can be used to determine the potential of compromise, as well as detail on the tactics, techniques and procedures of this group which can be used to inform better security decisions. This release was made as part of a coalition of security vendors, security researchers and major technology companies called “Operation SMN” which was announced on October 14th. The effort was led by Novetta and Microsoft and is the first joint effort under Microsoft’s Coordinated Malware Eradication program.
Deborah Gage, Wall Street Journal, Monday, October 27, 2014
Unauthorized cloud-based software is proliferating in the workplace, causing regulatory and security challenges for companies that often don’t even know their employees are using it. Some of the services are well known, such as Dropbox, for file sharing, and the multipurpose social-media site Facebook . But at some companies, employees are tapping hundreds of cloud-based apps to perform functions ranging from Web conferencing to conducting surveys to sharing photos.