Security

IT professionals continue to cite security concerns as one of the largest barriers to cloud migration. Uniform government standards specific to cloud computing have yet to be finalized, leaving important questions regarding data availability and integrity unanswered. SafeGov.org aims to provoke discussion related to these concerns as well as raise awareness of the ways in which cloud computing could ultimately strengthen existing security measures.

Four key ways to overcome security concerns in the cloud

Ivan Harris, Cloud Tech ,  Tuesday, November 25, 2014

Ten days ago I hosted a seminar on cloud security at the Public Sector Enterprise ICT conference in London. In a show of hands at the start of the discussion, the forty or so attendees were unanimous in their agreement that the issue of security is one of the most important considerations in the journey to the cloud. Joining me on the panel was Tony Richards, the head of security at G-Cloud and Ian Gale from Bristol City Council. The panel had some great advice about how to overcome common security concerns. Here is a summary of what they think organisations can do:

Cyber Security Needs Its Ralph Nader

Tsion Gonen, Information Week,  Monday, November 24, 2014

It took thousands of unnecessary traffic fatalities to create an environment for radical transformation of the auto industry. What will it take for a similar change to occur in data security?

As NSA reform dies, questions about Safe Harbour reform loom

Jonathan Brandon, Business Cloud News,  Thursday, November 20, 2014

The USA Freedom Act, which was proposed in a bid to end mass surveillance and give more transparency and oversight to how digital communications are monitored by the US intelligence community, died on the floor of the US Senate this week, falling just two votes shy of the 60 votes it needed to pass. Some analysts believe the result will stoke further debate around Safe Harbour and other data sharing agreements with the US.

Chertoff: Cybersecurity takes teamwork

Taylor Armerding, CSO,  Wednesday, November 05, 2014

Cyber security, to be successful, has to be a “team sport,” former Homeland Security secretary Michael Chertoff told attendees of the Advanced Cyber Security Center (ACSC) Conference at the Federal Reserve Bank of Boston Tuesday morning. Chertoff, cofounder and executive chairman of the Chertoff Group, who gave the keynote speech at the conference, titled “Left of Boom: How and where to invest across the kill chain,” said organizations that go it alone, and especially those that focus only on prevention to maintain their security from cyberattacks are “doomed.”

Are your file sharing tools leaking data?

GCN,  Wednesday, November 05, 2014

Routine, unsanctioned file sharing among employees has put organizations at risk equal to or greater than the dangers posed by direct data theft, according to research by the Ponemon Institute and IntraLinks Holdings Inc., a software-as-a-service content management firm. The report, Breaking Bad: The Risk of Unsecure File Sharing, says many organizations have few controls in place to protect data, yet they are enabling data to be shared outside their organizations without the knowledge of senior management. The study points a finger at cloud storage and sharing services such as Dropbox, which have become increasingly popular as they enable employees and organizations to easily collaborate.

Federal mobile platforms need newer, stricter protocols

General Ken Minihan by General Ken Minihan, Paladin
Monday, November 03, 2014

The marriage of mobile and cloud requires a new approach to security. It requires a new paradigm for trust as government agencies, medical systems and educational institutions outsource their cloud-based platforms to private vendors. This trust must be based on transparency, resiliency and accountability.

Survey: IT departments are losing cloud security battle

Greg Otto, FedScoop,  Friday, October 31, 2014

Government IT professionals aren’t the only ones having trouble keeping up with the security demands that come with the adoption of cloud computing. A study released earlier this week by the Ponemon Institute finds that IT professionals are having trouble managing data stored on the cloud, are often kept in the dark on or can’t identify who is responsible for data security and do not have worthwhile security measures in place for data at rest.

Biggest ever cyber security exercise in Europe today

European Commission,  Thursday, October 30, 2014

More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA). In Cyber Europe 2014 experts from the public and private sectors including cyber security agencies, national Computer Emergency Response Teams, ministries, telecoms companies, energy companies, financial institutions and internet service providers are testing their procedures and capabilities against in a life-like, large-scale cyber-security scenario.

The Blind Men, the Elephant and the FTC’s Data Security Standards

Omer Tene, IAPP,  Thursday, October 30, 2014

Like a group of blind men encountering an elephant—one touching the trunk and thinking “snake,” another feeling a tusk and thinking “sword,” a third caressing an ear and thinking “sail”—so do commentators, lawyers and industry players struggle to identify what “reasonable data security” practices mean in the eyes of the Federal Trade Commission (FTC). In the absence of federal legislation or regulatory guidance, the reasonableness standard is assessed on a case-by-case basis through a string of FTC enforcement actions, 47 so far, by which the agency provides the public with glimpses into its regulatory interpretation.

Top Security Threats Still Plaguing Enterprise Cloud Adoption

John K. Waters, Redmond Magazine,  Tuesday, October 28, 2014

The lack of confidence is with good cause. The Cloud Security Alliance (CSA) has identified what its researchers believe to be the top nine cloud security threats. Data breaches top that list, dubbed "The Notorious Nine". Also on that list are data loss, service traffic hijacking, insecure interfaces and APIs, denial-of-service attacks, malicious insiders, cloud services abuse, insufficient due diligence, and shared technology vulnerabilities. The company emphasized those risks at a three-day conference in September hosted jointly by the CSA and the International Association of Privacy Professionals (IAPP).