Tim Cook: Privacy Is Worth Protecting

Eric Zeman, Information Week,  Wednesday, August 17, 2016

Apple CEO Tim Cook leans on the Founding Fathers to suggest the company did the right thing when asked by the FBI to unlock a terrorist's iPhone. It's an issue that affects IT professionals who need to protect company data, as well as consumers and their personal information.

Making Sense of Federal IT’s Move to the Cloud and Software-Defined Networking

Phil Goldstein, FedTech,  Wednesday, August 17, 2016

The federal government is being roiled by many of the technology trends that are affecting the commercial market, including the adoption of cloud services and the move to flexible, software-defined networks. By pushing to consolidate and optimize data centers, and by making it easier for cloud service providers to get certified by the Federal Risk and Authorization Management Program, the government is now more than ever encouraging agencies to move to the cloud. How will these shifts affect federal IT leaders and those working under them? And how does the experience of the U.S. government compare to that of foreign governments that are dealing with the same technology trends?

American Economic Activity Is Rooted In Global Flow Of Information

Jim Pflaging, Forbes,  Tuesday, August 16, 2016

Today, evidence or information relevant to a law enforcement investigation is often in electronic form and, because of breakthroughs in cloud computing, this data could be stored in any number of locations around the globe. In such cases, the question is: Whose law applies when U.S. law enforcement requires access to digital evidence stored outside the United States? The U.S. government argued that Microsoft did provide the non-content user information that was stored in the U.S., it argued that the U.S. government would need to utilize the Mutual Legal Assistance Treaty process instead of an extraterritorial warrant in order to access information stored outside of the U.S. Despite the Court’s ruling in Microsoft’s favor, the government’s argument in this case remains a threat to a trusted and open Internet. A successful appeal to the Supreme Court, or the adoption of legislation codifying this argument, would accelerate a breakdown of trust between nations and increase the risk of internet “balkanization.”

How a 'compliance mindset' can provide bad guys with short cuts if we're not careful

Jonathan Sander, SC Magazine,  Tuesday, August 16, 2016

When you're in the mindset of compliance, often the biggest enemy in the situation is simply complacency. People typically handle data in irresponsible ways because, unfortunately, they are too lazy to do it the right way. When compliance is king, the regulation lays out what they must do and settles the debate. There are extra steps to be compliant, but people can't simply ignore them as the auditor carries a big, motivating stick. “That sounds an awful lot like security to me,” says almost every executive. The difference, of course, is that when you handle data irresponsibly from a regulatory view, your “adversary” is the auditor who may notice months from now and give you a smack with her stick, or the victim may be the consumer who may be harmed by the action. Neither is actively looking to exploit you right here, right now. But in security, we know the bad guy just waiting for the path of least resistance and effectively waiting to pounce.

How Private Is Your Public Cloud? Stacking Up Google, Microsoft And AWS Data Privacy

Sarah Kuranda, CRN,  Monday, August 15, 2016

"This is your data. This is not our data. As a general matter of principle, we design our systems and our processes to make sure that data is treated as yours and not as ours," said Neal Suggs, vice president and deputy general counsel at Microsoft, Redmond, Wash. "Microsoft runs on trust." Suggs said data usage, control and privacy together make up one of the four pillars on which Microsoft has built its cloud strategy, along with data security, compliance and transparency. Those pillars extend from the design of the company's systems, the processes in place, encryption technologies, an audit process and a culture that "respects that customer-generated content is the customers' content and not our right to use without our customers' consent."

The IoT threat to privacy

Christine Bannan, TechCrunch,  Monday, August 15, 2016

As the Internet of Things becomes more widespread, consumers must demand better security and privacy protections that don’t leave them vulnerable to corporate surveillance and data breaches. But before consumers can demand change, they must be informed — which requires companies to be more transparent.

Apple at BlackHat: Reopening the "Going Dark" Debate

Matt Tait, Lawfare,  Monday, August 15, 2016

Just over a week ago, at the BlackHat hacker convention in Las Vegas, Ivan Krstić, Head of Security Engineering and Architecture at Apple gave a talk entitled “Behind the scenes of iOS Security,” the slides of which are available here. It’s a historic talk for a couple of reasons. First, Apple is traditionally very secretive about how it technically does security on its devices. Apple also announced its first bug bounty program. So far, so newsworthy. But something else happened at that talk. Unbeknownst to the presenter or anybody in the audience, Apple just reopened the “Going Dark” dispute between the FBI and the privacy community, and it turned the entire dispute on its head.

Cloudy With A Chance of Profits: Four Myths About Cloud Tech

Samuel Taube, Investment U ,  Friday, August 12, 2016

Cloud computing is quickly becoming the backbone of our entire tech industry. We’ve written before about its importance to investors. But do you really get it? Like most emerging technologies, the cloud is the subject of many myths and misconceptions. If you’re going to invest in “the cloud” - and all signs are pointing to it being a strong long-term play - you should have some understanding of how it works. Believe it or not, it’s actually a fairly simple concept. Let’s break down four common myths...

CSA Survey: Security Pros Split on Whether Cloud Vendors Should Cooperate With Government

Marketwired / Yahoo Finance,  Thursday, August 11, 2016

Bitglass, the Total Data Protection company, in partnership with the Cloud Security Alliance, today released their report Mitigating Cloud Risks, based on a survey of 176 information security professionals. Bitglass and CSA found that more than one in three IT pros believe cloud providers should turn over encrypted data to government when asked. Government intervention aside, many organizations have experienced cloud security incidents, though these aren't the widespread breaches many anticipated -- the majority of incidents stem from inappropriate use of the cloud, led by unwanted external sharing and access from unmanaged devices.

Not all clouds are created equal: understanding security and privacy cloud requirements of justice and public safety

Michael Donlan, Microsoft Enterprise Blog,  Thursday, August 11, 2016

Microsoft is committed to providing Justice and Public Safety (JPS) organizations with cloud services they can trust and is uniquely equipped to help them become CJIS compliant. We have assessed the operational policies and procedures of Microsoft Azure Government, Microsoft Office 365 Government, and Microsoft Dynamics CRM Online Government, and have attested contractually with 22 States their ability to meet the applicable controls and comply with FBI CJIS requirements.