IT professionals continue to cite security concerns as one of the largest barriers to cloud migration. Uniform government standards specific to cloud computing have yet to be finalized, leaving important questions regarding data availability and integrity unanswered. SafeGov.org aims to provoke discussion related to these concerns as well as raise awareness of the ways in which cloud computing could ultimately strengthen existing security measures.
Thursday, October 23, 2014
Under the Health Insurance Portability and Accountability Act (HIPAA), various organizations can be randomly selected to be audited – even if no complaint has been issued against them and even if there has been no privacy incident or breach. What the audits thus far have revealed is quite alarming.
Wednesday, October 22, 2014
Apple’s default encryption announcement contained a notable distinction in the fine print. They promised not to read the content of your email messages. Not only will Apple’s default encryption protect your email from being accessed by governmental entities without permission, but Apple will not retrieve or use the content of your email for their own purposes. Android’s announcement did not offer the same protection to users. They did not make the same pledge, which could be related to the fact that Google’s main source of revenue is derived from ad placements based on the content of user emails and searches.
Paige Leidig, SC Magazine, Tuesday, October 21, 2014
As concerns continue to mount over data breaches, data security, and regulatory compliance, particularly in public cloud environments, a growing number of cloud service providers (CSPs) are stepping up to the plate with beefed-up encryption offerings to assuage their customers' concerns. The additional encryption these CSPs now provide can certainly aid in protecting sensitive data from some types of attacks, but is CSP-provided cloud data encryption enough to secure your data and achieve compliance?
Russia Direct, Tuesday, October 21, 2014
Russia and China could soon sign an agreement on cooperation in the field of cybersecurity, a move that some see as an attempt to reduce American influence in the information technology field.
Jason Miller, Federal News Radio, Tuesday, October 21, 2014
The Customs and Border Protection directorate in the Homeland Security Department is taking a two-pronged approach to protecting its systems and data in the cloud. First, CBP is relying on third-party audits of cloud service providers through the Federal Risk Authorization and Mitigation Program (FedRAMP). Second, it's sending its own staff of experts in to audit how vendors protect systems and government data. CBP's focus on cyber in the cloud and really across the board follows the ever-growing trend across government. Now more than ever, federal chief information officers are paying more attention to cybersecurity.
Monday, October 20, 2014
The Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive health information from covered entities when performing functions for them. HIPAA is enforced by the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS).
Sean Gallagher, Ars Technica, Monday, October 20, 2014
GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system (often referred to as the “Great Firewall”), reports that China is using the system as part of a man-in-the-middle (MITM) attack on users of Apple’s iCloud service within the country. The attacks come as Apple begins the official rollout of the iPhone 6 and 6 Plus on the Chinese mainland. The attack, which uses a fake certificate and Domain Name Service address for the iCloud service, is affecting users nationwide in China. The GreatFire.org team speculates that the attack is an effort to help the government circumvent the improved security features of the new phones by compromising their iCloud credentials and allowing the government to gain access to cloud-stored content such as phone backups.
Adam Mazmanian, FCW, Monday, October 20, 2014
While law enforcement is up in arms about new default data encryption on Apple iOS and Google Android devices, experts say the policy could have some benefits for federal mobility as well.
Andrea Peterson and Craig Timberg, Washington Post, Friday, October 17, 2014
Mistakes in setting up popular office software have sent information about millions of Americans spilling onto the Internet, including Social Security numbers of college students, the names of children in Texas and the ID numbers of intelligence officials who visited a port facility in Maryland. The security problem, researchers say, has affected many hundreds of servers running popular Oracle software, exposing a peculiar melange of data to possible collection by hackers. Most of the institutions affected have been universities or government agencies, though they hold a wide range of information on individuals and private companies.
Monday, October 13, 2014
In the United States, a variety of different regulators are responsible for overseeing and enforcing different laws that impact different types of information. Some laws are exclusively enforced by agencies. Some are also enforced by state attorneys general. Others are enforced exclusively with a private right of action – the ability of individuals to bring lawsuits. Several laws have criminal penalties, which are typically enforced by the Department of Justice (DOJ). And then there are laws that are enforced by a combination of means, such as the Fair Credit Reporting Act (FCRA), which is enforced by two agencies plus private rights of action.