Security

IT professionals continue to cite security concerns as one of the largest barriers to cloud migration. Uniform government standards specific to cloud computing have yet to be finalized, leaving important questions regarding data availability and integrity unanswered. SafeGov.org aims to provoke discussion related to these concerns as well as raise awareness of the ways in which cloud computing could ultimately strengthen existing security measures.

The Future of Privacy

Lee Rainie and Janna Anderson, Pew Research,  Thursday, December 18, 2014

An information science professional responded, “Individuals are willing to give up privacy for the reasons of ease, fastness, and convenience… If anything, consumer tracking will increase, and almost all data entered online will be considered ‘fair game’ for purposes of analytics and producing ‘user-driven’ ads. Privacy is an archaic term when used in reference to depositing information online.

Wanted: An International Rule of Law for Cloud Data

Michael Chertoff by Michael Chertoff, Chertoff Group
Thursday, December 18, 2014

If we don’t figure out a new way of resolving legal conflicts, the universal Web as we know it may soon be Balkanized. Global companies will be subject to competing and inconsistent legal demands—one country may require disclosure of information that another country prohibits from being disclosed. The inevitable result will be that consumers suffer diminished access to the network overall. Decisions companies make about the location of their servers and hardware will be driven by legal gamesmanship rather than by technological or infrastructure considerations. The current free-for-all of competing nations needs to be replaced with an agreed-upon international system for newly designed choice-of-law rules for data in the Internet cloud. Such rules determine which country’s law governs in a dispute, as when we try to decide whose law governs a contract for the sale of goods. We need to harmonize existing rules in a framework of law for the cyber age.

Should privacy regulation be more than just data protection?

Inga Kroener, The Guardian,  Wednesday, December 17, 2014

To get to grips with the surveillance risks that emergent technologies carry, policymakers need to broaden their scope of what privacy is. Rather than solely focusing on data, impact assessments need to address the range of privacy issues that emerge when new technologies, products and services are developed – who might be affected by privacy or surveillance risks, and how they might be harmed.

Halvorsen formalizes new DOD cloud procurement policy

Sean Lyngaas, FCW,  Wednesday, December 17, 2014

Acting Defense Department CIO Terry Halvorsen has issued a memo outlining the Pentagon’s new cloud procurement policy, formally allowing the military services and other DOD agencies to procure commercial cloud services rather than leaving that authority to the Defense Information Systems Agency.

Tips from NIST on Picking the Right Cloud Vendor

Joseph Goedert, Health Data Management,  Wednesday, December 17, 2014

The draft guidance seeks to bring uniformity to the vocabulary of cloud service measurements that include abstract metric, abstract metric definition, cloud service property, concrete metric definition, context, measurement, measurement result, metric, observation, and unit of measurement. The guidance also describes the “cloud service trifecta” which can be broken down into three general areas: service selection, service agreement and service verifications, along with supporting metrics. It further defines in detail a “cloud service metric model” with 23 elemental descriptions of the foundation diagram that describes a metric definition.

What the Future Holds for FedRAMP

Nicole Blake Johnson, FedTech,  Wednesday, December 17, 2014

Big changes are ahead for the Federal Risk Authorization Management Program, better known as FedRAMP. A new two-year road map that will be released Wednesday details more than 40 initiatives aimed at accomplishing three overarching goals: increasing stakeholder engagement, including the number of agencies implementing FedRAMP; improving program efficiencies, by automating FedRAMP documentation; and adapting FedRAMP to support evolving cloud offerings and security policies while focusing on risk management rather than compliance. The road map groups initiatives in six-, 12-, 18- and 24-month intervals.

Employees “going rogue” with corporate data stored in the cloud

Business Cloud News,  Wednesday, December 17, 2014

A majority of employees storing corporate data in cloud-based platforms are still able to access those platforms after leaving their job, recently published research suggests. Solving the issue requires more than just deploying single sign-on, particularly as enterprises move away from blocking services to becoming more permissive with what apps are allowed to linger behind the firewall. IT decision makers dealing with the issue have repeatedly said rolling out cloud services that could in some way facilitate data loss requires a large push to educate users.

Privacy in a Time of Emerging Tech

Elaine Pittman, Government Technology,  Wednesday, December 17, 2014

Clearly the issue of privacy isn’t going away, as government and industry introduce new data-driven technologies. But what will change is the definition of privacy for citizens and how rules will govern data protection. Legislatures and IT chiefs will once again take up the issue in 2015, seeking ways to protect data and harness it for a smarter future.

Tech, media firms back Microsoft in digital privacy case

Ellen Nakashima, Washington Post,  Tuesday, December 16, 2014

Ten groups of top technology, media and business organizations on Monday filed legal briefs in support of Microsoft’s argument to a federal appeals court that the U.S. government cannot issue a search warrant to obtain customers’ e-mails held in another country. The unusually high number of friend-of-the-court briefs and the breadth of groups that signed on reflect how significant the issue of privacy in the digital age is to U.S. industry. “This is not a case about a narrow legal issue but rather a broad policy issue that is of profound importance to the future of the Internet,” Brad Smith, Microsoft general counsel, said in an interview Monday.

How CIOs Can Prepare for Healthcare ‘Data Tsunami’

Kenneth Corbin, CIO,  Tuesday, December 16, 2014

The volume of healthcare data is growing at a staggering rate, bringing with it a host of technical, compliance and governance challenges for CIOs working in that sector. A recent report from EMC and the research firm IDC offers a few imaginative ways at visualizing that proliferation, anticipating an overall increase in health data of 48 percent annually.