IT professionals continue to cite security concerns as one of the largest barriers to cloud migration. Uniform government standards specific to cloud computing have yet to be finalized, leaving important questions regarding data availability and integrity unanswered. SafeGov.org aims to provoke discussion related to these concerns as well as raise awareness of the ways in which cloud computing could ultimately strengthen existing security measures.
Brad Smith, Microsoft on the Issues, Tuesday, October 06, 2015
We appreciate that some of our customers have questions about the impact of the ruling today by the European Court of Justice (ECJ) about the EU – US Safe Harbor Framework. In particular some customers may ask if this means that they will no longer be able to transfer their customer data from the European Union to the United States. For Microsoft’s enterprise cloud customers, we believe the clear answer is that yes they can continue to transfer data by relying on additional steps and legal safeguards we have put in place. This includes additional and stringent privacy protections and Microsoft’s compliance with the EU Model Clauses, which enable customers to move data between the EU and other places – including the United States – even in the absence of the Safe Harbor. Both the ruling and comments by the European Commission recognized these types of steps earlier today.
Natalia Drozdiak and Sam Schechner, Wall Street Journal, Tuesday, October 06, 2015
The European Union’s highest court on Tuesday struck down a trans-Atlantic pact used by thousands of companies to transfer Europeans’ personal information to the U.S., throwing into jeopardy data traffic that underpins the world’s largest trading relationship. The decision now sets off a costly effort by companies and privacy lawyers to preserve companies’ ability to transfer Europeans’ personal data to the U.S. before regulators move in with fines or orders to suspend data flows. Hanging in the balance is billions of dollars of trade in the online advertising business, as well as more quotidian tasks such as companies’ ability to store human-resources documents about European colleagues.
Tuesday, October 06, 2015
Beyond this holding that a country has the power to disregard Safe Harbor and make its independent adequacy findings, the ECJ declared Safe Harbor to be invalid. The main reason for the invalidity of Safe Harbor is the failure of US law to provide adequate limitations and redress from government surveillance, especially NSA surveillance. In particular, the ECJ was troubled by the fact the NSA could engage in massive surveillance and that US courts had failed to provide a way for people to challenge that surveillance. Essentially, the ECJ held that because the NSA's surveillance is virtually unstoppable, the Safe Habor cannot guarantee an adequate level of protection.
The Chertoff Group
Monday, October 05, 2015
Something is rotten at the core of our conception of Internet governance. Almost unnoticed, nations are trying to impose – often successfully – sovereign borders and legal demands on a digital realm that is inherently borderless. Left unchecked, this instinct to create sovereign barriers risks fracturing the Web in ways that will jeopardize its economic, political, and social utility.
First Post Staff, Monday, October 05, 2015
A team of researchers at Worcester Polytechnic Institute have developed a technique that allows an attacker use an account on Amazon Elastic Compute Cloud (EC2) to steal cryptographic keys of other AWS users.
James Bach, Washington Business Journal, Monday, October 05, 2015
The federal government has had to endure its fair share of criticism for its slow adoption of IT, particularly when it comes to the cloud. But a new report released this week by Govini indicates agencies are accelerating their purchases of cloud solutions pretty sizably. According to the report, the federal government nearly tripled the size of its cloud purchases in fiscal 2014 compared with fiscal 2013, and that number has only increased in fiscal 2015.
Robin Hattersley Gray, Campus Safety Magazine, Saturday, October 03, 2015
It seems like practically every U.S. police department is buying or considering the adoption of body-worn cameras, but are they appropriate for hospitals? If so, how should they be deployed? HIPAA compliance is just one of several challenges associated with this type of technology. Training and policies are some others.
Adam Stone, C4ISR, Saturday, October 03, 2015
In recent years, cloud computing has delivered information technology managers a means to streamline their practices and reduce operating costs. Now, a new range of tools has emerged to help IT make the most of cloud’s potential. Hybridization has opened new doors, as has the promise of open-source development. Taken together, the open hybrid cloud raises the bar for military cloud users.
Samuel Gibbs, The Guardian, Friday, October 02, 2015
The European Court of Justice ruled Thursday that if a company operates a service in the native language of a country, and has representatives in that country, then it can be held accountable by the country’s national data protection agency despite not being headquartered in the country.
Rutrell Yasin, Fedscoop, Thursday, October 01, 2015
Creating a hybrid cloud computing environment – one that relies on a mix of on-premises and public cloud services – holds out the promise of greater flexibility for federal agencies on where to run diverse workloads and applications. It also promises greater computing economies. But enforcing policies and security controls between and among multiple clouds can be tricky business. Agency managers can encounter a myriad of challenges as they use multiple cloud providers in conjunction with their own internal private cloud infrastructure. Issues surrounding compliance, data flow and protection, security, and visibility o