Security

IT professionals continue to cite security concerns as one of the largest barriers to cloud migration. Uniform government standards specific to cloud computing have yet to be finalized, leaving important questions regarding data availability and integrity unanswered. SafeGov.org aims to provoke discussion related to these concerns as well as raise awareness of the ways in which cloud computing could ultimately strengthen existing security measures.

Survey: IT departments are losing cloud security battle

Greg Otto, FedScoop,  Friday, October 31, 2014

Government IT professionals aren’t the only ones having trouble keeping up with the security demands that come with the adoption of cloud computing. A study released earlier this week by the Ponemon Institute finds that IT professionals are having trouble managing data stored on the cloud, are often kept in the dark on or can’t identify who is responsible for data security and do not have worthwhile security measures in place for data at rest.

Biggest ever cyber security exercise in Europe today

European Commission,  Thursday, October 30, 2014

More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA). In Cyber Europe 2014 experts from the public and private sectors including cyber security agencies, national Computer Emergency Response Teams, ministries, telecoms companies, energy companies, financial institutions and internet service providers are testing their procedures and capabilities against in a life-like, large-scale cyber-security scenario.

The Blind Men, the Elephant and the FTC’s Data Security Standards

Omer Tene, IAPP,  Thursday, October 30, 2014

Like a group of blind men encountering an elephant—one touching the trunk and thinking “snake,” another feeling a tusk and thinking “sword,” a third caressing an ear and thinking “sail”—so do commentators, lawyers and industry players struggle to identify what “reasonable data security” practices mean in the eyes of the Federal Trade Commission (FTC). In the absence of federal legislation or regulatory guidance, the reasonableness standard is assessed on a case-by-case basis through a string of FTC enforcement actions, 47 so far, by which the agency provides the public with glimpses into its regulatory interpretation.

Top Security Threats Still Plaguing Enterprise Cloud Adoption

John K. Waters, Redmond Magazine,  Tuesday, October 28, 2014

The lack of confidence is with good cause. The Cloud Security Alliance (CSA) has identified what its researchers believe to be the top nine cloud security threats. Data breaches top that list, dubbed "The Notorious Nine". Also on that list are data loss, service traffic hijacking, insecure interfaces and APIs, denial-of-service attacks, malicious insiders, cloud services abuse, insufficient due diligence, and shared technology vulnerabilities. The company emphasized those risks at a three-day conference in September hosted jointly by the CSA and the International Association of Privacy Professionals (IAPP).

Operation SMN – Disruption of Axiom Group – Prolific Chinese Cyber Espionage Team

Brian Bartholomew, iSight Partners,  Tuesday, October 28, 2014

Earlier today iSIGHT Partners proudly participated in the public disclosure of threat intelligence on a prolific Chinese Cyber Espionage group. This disclosure included the sharing of technical indicators which can be used to determine the potential of compromise, as well as detail on the tactics, techniques and procedures of this group which can be used to inform better security decisions. This release was made as part of a coalition of security vendors, security researchers and major technology companies called “Operation SMN” which was announced on October 14th. The effort was led by Novetta and Microsoft and is the first joint effort under Microsoft’s Coordinated Malware Eradication program.

Do You Know What Apps Your Employees Use?

Deborah Gage, Wall Street Journal,  Monday, October 27, 2014

Unauthorized cloud-based software is proliferating in the workplace, causing regulatory and security challenges for companies that often don’t even know their employees are using it. Some of the services are well known, such as Dropbox, for file sharing, and the multipurpose social-media site Facebook . But at some companies, employees are tapping hundreds of cloud-based apps to perform functions ranging from Web conferencing to conducting surveys to sharing photos.

Securing video surveillance data: A three step approach

Julie Anderson by Julie Anderson, Civitas Group
Monday, October 27, 2014

Last month, the FBI updated the Federal Criminal Justice Information Services Security Policy (CJIS), which prescribes methods to keep data creation, collection, transmission, storage, and destruction to establish a standard level of data protection among all governmental bodies. State and local law enforcement agencies should build on CJIS standards and incorporate three additional measures to improve security when managing its video surveillance data. Implementing these three measures, in concert, will maximize the security of storing that data...

The Most Alarming Fact About HIPAA Audits (Part 5)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Thursday, October 23, 2014

Under the Health Insurance Portability and Accountability Act (HIPAA), various organizations can be randomly selected to be audited – even if no complaint has been issued against them and even if there has been no privacy incident or breach. What the audits thus far have revealed is quite alarming.

Android’s recent encryption announcement doesn’t protect your data

Karen Evans by Karen Evans, KE&T Partners
Wednesday, October 22, 2014

Apple’s default encryption announcement contained a notable distinction in the fine print. They promised not to read the content of your email messages. Not only will Apple’s default encryption protect your email from being accessed by governmental entities without permission, but Apple will not retrieve or use the content of your email for their own purposes. Android’s announcement did not offer the same protection to users. They did not make the same pledge which could be related to the fact that Google’s main source of revenue is derived from ad placements based on the content of user emails and searches.

How effective is cloud-provided encryption?

Paige Leidig, SC Magazine,  Tuesday, October 21, 2014

As concerns continue to mount over data breaches, data security, and regulatory compliance, particularly in public cloud environments, a growing number of cloud service providers (CSPs) are stepping up to the plate with beefed-up encryption offerings to assuage their customers' concerns. The additional encryption these CSPs now provide can certainly aid in protecting sensitive data from some types of attacks, but is CSP-provided cloud data encryption enough to secure your data and achieve compliance?