Policy & Procurement
Government policy and regulation regarding the procurement and use of cloud computing technologies is still in its nascent stages. This portion of the SafeGov.org site focuses on current policy and procurement issues related to cloud adoption in the public sector, including analyses of Federal, state, and local issues, developments in higher education, and related laws, regulations, and directives.
Thursday, May 15, 2014
In a surprise announcement on April 30, 2014, Google announced on its company blog that it would no longer “collect or use student data in Apps for Education services for advertising purposes.” Google also noted that it would make similar changes to its Google Apps for Government products. This announcement suggests that Google has been scanning, storing and monetizing student, business and government emails for years, which raises concerns about Google’s past privacy practices and their future policies. This is a significant violation of the trust placed in the company by the schools and government agencies who signed contracts with the assurance that there would be “no ad-related scanning or processing” in Google Apps – language that Google once noted on their website.
Monday, April 28, 2014
For any organization who doesn't take privacy seriously, the demise of inBoom should be a loud wake up call. Funded by $100 million from the Gates Foundation, inBloom was a non-profit organization aiming to store student data so that school officials and teachers could use it to learn about their students and how to more effectively teach them and improve their performance in school. Who would have thought that a project with so much funding and promise would be shutting down just a few years after its creation? What went wrong?
The Chertoff Group
Wednesday, March 26, 2014
In 2012, the American cybersecurity company, Mandiant (now owned by FireEye) released a report tracking an extensive, comprehensive cybersecurity threat from China. It gave the Chinese program the name “APT-1,” where APT stands for Advanced Persistent Threat. APT was as accurate a characterization as one could imagine – the techniques used by the Chinese where highly sophisticated and advanced, and they were determined and continuous.
Tuesday, March 25, 2014
A California lawsuit suggests the federal government must take stronger steps to protect government data from data mining and user profiling by cloud service providers. In the technology-rich world we live in, it's critical for everyone to understand how their data is processed and used. For the government, it is arguably even more important, given the massive amounts of sensitive citizen data it possesses and stores.
Cunningham Levy LLP
Thursday, February 27, 2014
If you’re looking to launch a cloud-based venture, Ireland wants you to know it’s open for business. Very open. Not just a tax haven, mind you, Ireland wants to be very clear about that, given allegations to the contrary in the US Congress last year. In late 2013, Ireland’s Industrial Development Agency, chartered to attract foreign business to the island, pushed back hard on allegations that companies establish “headquarters” in Ireland in order to render themselves immune from corporate tax. The IDA stressed, in a Venture Beat Op-Ed, that, while it’s 12.5 percent corporate tax rate is attractive there is far more to recommend Ireland as a “cloud haven.”
The Chertoff Group
Tuesday, February 25, 2014
In a sweeping decision, the District of Columbia Circuit Court of Appeals in Washington struck down an order from the Federal Communications Commission (FCC) that the FCC said was intended to foster an open internet network and provide transparency and ease of access for consumers. In doing so, the DC Circuit dramatically affected the prospects for many current and future cloud applications – so dramatically, for example, that the value of Netflix stock initially dropped 5% in the wake of the decision. (Netflix is thought to be disadvantaged by the decision). The stock has rebounded since, but the incident makes it clear that some cloud providers are dependent on a particular pricing framework for internet transmission – a one size fits all model where broadband service providers cannot charge discriminatory prices to different content creators based on the nature and volume of their product. The current pricing framework is now likely to be reexamined. How that reexamination plays out will determine the security and efficacy of cloud services in the next few years.
Tuesday, February 18, 2014
In the world of data protection, it’s an old story: Personal data gets shared with a third party data service provider, and then something goes wrong at the provider.
Cunningham Levy LLP
Friday, January 24, 2014
As the year changes, everyone makes lists. Here’s mine: the top 5 reasons the EU would be wrong to kill Safe Harbor. I hope EU politicians will resolve to consider them before dropping lumps of coal into their citizens’ privacy stockings. Their threat to terminate the Safe Harbor program: is based on inaccurate information; would destroy one of the few effective US legal tools to protect EU citizens’ privacy; would heavily burden US companies and trans-Atlantic commerce; has no chance to stop NSA spying-- the professed goal; and is ill-timed given now that the US government now is starting to police itself.
Brian Robinson, GCN, Friday, January 24, 2014
Among city government IT managers, cloud computing has drawn a lot of interest, as well as suspicion. Along with the touted advantages of the cloud has come considerable caution over its drawbacks, not least for its potential security and privacy hazards. Consequently, cities have been slow to adopt cloud-based services.
SafeGov.org Commissioned White Paper Proposes Framework for Improving Federal Cloud Networks and Procurement Processes
SafeGov.org today released its latest report titled “Staying Safe in Cyberspace: Cloud Security on the Horizon” at the MeriTalk 2014 Cloud Computing Brainstorm held at the Newseum in Washington, D.C. The report proposes an integrated approach to cloud implementation to help agencies realize the benefits of cloud technologies while meeting current Federal cybersecurity requirements. Until now, efforts to implement cybersecurity and cloud computing initiatives have been fragmented and lack overarching coordination. This report works to address this gap in a series of recommendations intended to mitigate risk while harnessing the vast rewards provided by cloud technologies.