Monday, October 10, 2016
Contracting with cloud service providers has long been a world shrouded in fog. Across various organizations, cloud service agreements (CSAs) are all over the place, and often many people entering into these contracts have no idea what provisions they should have to protect their data. Significant guidance is needed to improve this landscape and bring more order to the chaos. Fortunately, a new standard, ISO/IEC 19086, provides this much-needed guidance.
Law Office of Bradley S. Shear
Sunday, October 9, 2016
There are multiple types of cloud-computing models and deployment methods that law firms and their clients utilize. For example, software-as-a-service, platform-as-a-service or infrastructure-as-a-service models may be deployed on a private cloud, public cloud, or hybrid cloud. ISO 19086-1’s framework is comprehensive, yet flexible, which enables lawyers and other risk professionals to feel confident that, regardless of the type of cloud-computing model being utilized, these standards, if followed, will not only inform but also help protect the rights of the parties to a cloud-computing agreement.
Thursday, October 6, 2016
A closer examination of major breaches reveals a common theme: In every "major headline" breach, the attack vector has been the common password. The reason is simple: The password is by far the weakest link in cybersecurity today.
Tuesday, October 4, 2016
The dramatic growth in the use of cloud computing services by enterprises of all sizes and industries has created new challenges for corporate privacy and security officers. The economic and strategic benefits of the cloud are too great to forego. However, entrusting critical applications and sensitive data to third-party services requires careful review of vendor compliance with laws, regulations and standards. Balancing the benefits of the cloud with the fundamental requirements of privacy and security demands sustained attention from both sides. In this session, we’ll take an in-depth look at what it will take to build the necessary foundation of trust between user enterprises and their cloud service providers. Join Milltech Consulting's Doug Miller in the first part of this four-part video series from Microsoft at the IAPP and CSA's Privacy. Security. Risk. 2016.
Monday, September 12, 2016
When large cloud customers deal with multiple cloud providers, as they typically do, there is bound to be some conceptual and terminological drift between the different SLAs. An obvious need arises for a standard way of building cloud service level agreements that meets the requirements of both customers and providers. The forthcoming ISO/IEC 19086 is just such a standard for cloud SLAs. A multinational committee of experts has been working on this project since 2013 and is expected to finalize the first of four planned parts this November. The four parts are as follows:
Tuesday, September 6, 2016
After a recent federal court ruling against prosecutors seeking emails stored abroad, a new case in Virginia again highlights the clash between privacy rights and data sovereignty.
AG Strategy Group
Tuesday, August 9, 2016
In its final months in office, the Obama administration finalized Privacy Shield with the EU. Now it needs to implement it and work with U.S.-based tech companies to remove any uncertainty about exchanging data across the Atlantic. Then, Congress must take action to improve the process for law enforcement agencies to request email data from U.S.-based tech firms when conducting a criminal investigation. All three branches of government have a responsibility to help digital privacy rights catch up with physical ones. If our government achieves parity between privacy rights across those two spheres, then Americans will be safer and can enjoy the protections of their individual privacy.
Berkeley Law School
Friday, July 29, 2016
After the recent Microsoft v. United States decision, the law faces the task of clarifying questions about the international reach of a variety of legal authorities and processes. In so doing, it should maintain a level playing field for U.S. cloud companies who store their data extra-territorially. There is no policy reason to set a heavier compliance burden on U.S. companies in meeting these requests, the author writes.
The Chertoff Group
Monday, July 25, 2016
Sadly, however, today threats to the free flow of information across the globe come not only from authoritarian countries but also from misguided actions of Western nations that ought to know better. The latest example of this unfortunate trend is the U.S. government's effort to force Microsoft to provide it with data that Microsoft stored in a data center in Ireland. In December 2013, Microsoft received a warrant from a magistrate in the Southern District of New York directing the company to turn over content and non-content information relating to a user associated with the company's Dublin, Ireland data center. Microsoft produced the non-content material associated with the user stored on its U.S. servers, but objected to the order for content data stored in Ireland. The government's view was that the U.S. government can compel the company, a U.S.-based cloud provider, to disclose a user's content data stored outside the United States. Happily, that argument has not carried the day. The United States Court of Appeals for the Second Circuit recently issued a decision rejecting the government's request and allowing Microsoft to refuse to produce the data.
Law Office of Bradley S. Shear
Friday, July 22, 2016
The unanimous 3-0 ruling is a victory not only for personal privacy rights but also for the theory that people’s rights in the physical world should be extended to the digital world. This decision will have a tremendous impact on international technology service providers, social media platforms, apps, law enforcement, and individual users of mobile and cloud-based services.