China to develop trust rating index for cloud vendors

Eileen Yu, ZDNet,  Monday, December 22, 2014

China is planning to rate the trustworthiness of cloud computing vendors, allowing only those with full security clearance to partake in government projects. The move could leave foreign companies out of government procurement contracts, according to a report by China Daily. Zuo Xiaodong, vice-president of industry group China Information Security Research Institute, said: "The basic idea of the security rating mechanism is to find trustworthy hardware, software, and service providers to ensure the government has total control of the entire ecosystem."

How NASA launched its web infrastructure into the cloud

Jonathan Vanian, GigaOM,  Friday, December 19, 2014

The space agency uses Amazon Web Services to provide the backbone for its new Drupal content management system, and has worked out an interesting way to pay for the cloud, explained Kadakia. NASA uses a contract vehicle called Solutions for Enterprise-Wide Procurement (SEWP) that functions like a drawdown account between NASA and Amazon. The contract vehicle takes into account that the cost of paying for cloud services can fluctuate based on needs and performance (a site might get a spike in traffic on one day and then have it drop the next day). Kadakia estimates that NASA could end up spending around $700,000 to $1 million for AWS for the year; the agency can put $1.5 million into the account that can cover any unforeseen costs, and any money not spent can be saved. “I think of it like my service card,” she said. “I can put 50 bucks in it. I may not use it all and I won’t lose that money.”

Doug Wolfe on Cloud Computing at the CIA

Robert Tilford, Ground Report,  Friday, December 19, 2014

Doug Wolfe—a 30-year CIA veteran—has a tough job. As CIA’s Chief Information Officer (CIO), Wolfe is responsible for ushering the Agency into the 21st century with state-of-the-art computing technology while ensuring our systems are secure. As a pioneer of cloud computing at CIA, Wolfe spearheaded a new way of doing intelligence work that allows for increased collaboration across the 17 Intelligence Community (IC) agencies.

Amazon's cloud business a harder sell in post-Snowden era

Deepa Seetharaman and Bill Rigby, Reuters,  Friday, December 19, 2014

Since Edward Snowden exposed the vast reach of the U.S. National Security Agency's surveillance programs 18 months ago, government agencies and companies around the world have been evaluating where they keep their most sensitive data. Some larger companies have grown wary of relying too heavily on Amazon's public cloud servers, preferring to store data on their own premises or work with cloud providers that can offer them the option of dedicated servers - the so-called "private cloud" model, technology consultants say. That has opened a door for rivals such as Microsoft Corp, which has won over some companies by giving them more direct oversight of their data in the cloud.

The Future of Privacy

Lee Rainie and Janna Anderson, Pew Research,  Thursday, December 18, 2014

An information science professional responded, “Individuals are willing to give up privacy for the reasons of ease, fastness, and convenience… If anything, consumer tracking will increase, and almost all data entered online will be considered ‘fair game’ for purposes of analytics and producing ‘user-driven’ ads. Privacy is an archaic term when used in reference to depositing information online.”

Wanted: An International Rule of Law for Cloud Data

Michael Chertoff, Chertoff Group,  Thursday, December 18, 2014

If we don’t figure out a new way of resolving legal conflicts, the universal Web as we know it may soon be Balkanized. Global companies will be subject to competing and inconsistent legal demands—one country may require disclosure of information that another country prohibits from being disclosed. The inevitable result will be that consumers suffer diminished access to the network overall. Decisions companies make about the location of their servers and hardware will be driven by legal gamesmanship rather than by technological or infrastructure considerations. The current free-for-all of competing nations needs to be replaced with an agreed-upon international system for newly designed choice-of-law rules for data in the Internet cloud. Such rules determine which country’s law governs in a dispute, as when we try to decide whose law governs a contract for the sale of goods. We need to harmonize existing rules in a framework of law for the cyber age.

Should privacy regulation be more than just data protection?

Inga Kroener, The Guardian,  Wednesday, December 17, 2014

To get to grips with the surveillance risks that emergent technologies carry, policymakers need to broaden their scope of what privacy is. Rather than solely focusing on data, impact assessments need to address the range of privacy issues that emerge when new technologies, products and services are developed – who might be affected by privacy or surveillance risks, and how they might be harmed.

Tips from NIST on Picking the Right Cloud Vendor

Joseph Goedert, Health Data Management,  Wednesday, December 17, 2014

The draft guidance seeks to bring uniformity to the vocabulary of cloud service measurements that include abstract metric, abstract metric definition, cloud service property, concrete metric definition, context, measurement, measurement result, metric, observation, and unit of measurement. The guidance also describes the “cloud service trifecta” which can be broken down into three general areas: service selection, service agreement and service verifications, along with supporting metrics. It further defines in detail a “cloud service metric model” with 23 elemental descriptions of the foundation diagram that describes a metric definition.

What the Future Holds for FedRAMP

Nicole Blake Johnson, FedTech,  Wednesday, December 17, 2014

Big changes are ahead for the Federal Risk Authorization Management Program, better known as FedRAMP. A new two-year road map that will be released Wednesday details more than 40 initiatives aimed at accomplishing three overarching goals: increasing stakeholder engagement, including the number of agencies implementing FedRAMP; improving program efficiencies, by automating FedRAMP documentation; and adapting FedRAMP to support evolving cloud offerings and security policies while focusing on risk management rather than compliance. The road map groups initiatives in six-, 12-, 18- and 24-month intervals.

Employees “going rogue” with corporate data stored in the cloud

Business Cloud News,  Wednesday, December 17, 2014

A majority of employees storing corporate data in cloud-based platforms are still able to access those platforms after leaving their job, recently published research suggests. Solving the issue requires more than just deploying single sign-on, particularly as enterprises move away from blocking services to becoming more permissive with what apps are allowed to linger behind the firewall. IT decision makers dealing with the issue have repeatedly said rolling out cloud services that could in some way facilitate data loss requires a large push to educate users.