Data privacy and security in the post-Snowden era
Matthew D. Sarrel, CISSP
August 22, 2014
This report is underwritten by Verne Global.

TABLE OF CONTENTS

- Executive summary
- Situational analysis
- Governments protect and threaten customer data privacy
- Iceland is a data haven
- Conclusion and key takeaways
- Appendix: security checklist for selecting data-center services
- About the author
- About Gigaom Research

Executive summary

Recent revelations of spying by the U.S. National Security Agency (N.S.A.) as well as by the U.K. and French governments indicate that not every cloud is safe and secure. Companies in countries with strict regulations governing sensitive data must find a geographic location that is legally viable for compliance within their data protection laws. Iceland, through the combination of the Icelandic Modern Media Initiative (IMMI) regulations and status as a European Economic Area (E.E.A.) state, is uniquely positioned as a data privacy haven, so E.U. companies that are serious about protecting corporate intellectual property and customer data should evaluate cloud-hosting providers located there.

Key takeaways:

- Legal data exposure as a result of the U.S. PATRIOT Act combined with illegal data exposure as a result of N.S.A. spying has created a legal environment in which E.U. companies can no longer consider hosting customer data and corporate intellectual property at U.S. cloud providers that are located within the U.S. or in other geographies with weak user privacy laws beyond U.S. borders.
- Countries within the E.U., such as the U.K. and France, are also guilty of unauthorized data access and spying and are therefore inappropriate countries to host data.
- Companies headquartered in the E.U. are required under Directive 95/46/EC to protect sensitive customer data, which they cannot accomplish in the environments created by the U.S. PATRIOT Act and government spying.
- Iceland, with its IMMI regulations and status as an E.E.A. state, is one of the few valid choices for hosting cloud-based data in compliance with Directive 95/46/EC.

Situational analysis

With CIOs enjoying the flexibility, agility, nimbleness, and lower human and capital costs associated with public clouds, cloud computing has entered its mainstream adoption phase. Cloud adoption is fueled by many corporate, cultural, and economic factors such as:

- Cost cutting in times of economic uncertainty
- Scaling up or down (resource elasticity)
- Time savings
- Data-center simplification
- A need to use IT resources and personnel efficiently

With the hardware procurement times in most organizations upwards of three months, cloud-based infrastructure is an attractive alternative because it is readily available and easy to deploy, thereby saving time and money. Furthermore, IT planners like the control and flexibility of build-it-yourself and do-it-yourself (DIY) when they are enabled through the cloud because they require fewer resources. These factors save resources and expensive technical expertise that organizations can better utilize elsewhere.

In October 2013, NTT Communications Security published a report based on a survey of 700+ IT decision makers at organizations with 500+ employees in the U.S./Canada, U.K., Germany, Nordics, Singapore, Japan, and Hong Kong. The survey, conducted in May and June 2013, found that more than 87 percent of North American businesses had already moved, or were looking to move, their services and data into the cloud within the next two years. According to the survey, 60 percent of European companies and 34 percent of Nordic companies agreed. Furthermore, 98 percent of those North American businesses using the cloud have been using it for six months or longer versus 79 percent in Europe.

Corporate intellectual property (IP) is a key differentiator and value proposition. The 2013 edition of the World Intellectual Property Organization's IP Facts and Figures provides statistics about four types of industrial property: patents, utility models, trademarks, and industrial designs. Each year, the World Intellectual Property Organization conducts a survey of approximately 150 national and regional IP offices around the world. The estimated 2.35 million patent applications filed worldwide in 2012 represent growth of 9.2 percent over This is the highest rate of growth recorded in 18 years.

Figure 1. Source: WIPO 2013

Organizations are rightly concerned about any outside source snooping through their data because leaking valuable corporate IP of any kind is detrimental to an enterprise. In the post-Snowden era, the importance of data security and data privacy as the key decision criteria in selecting a cloud infrastructure provider has been magnified.

Companies think about data security and data privacy very differently today from the way they did a couple of years ago. CIOs are curious to explore geographies and jurisdictions that can provide the greatest protection to their corporate IP. In the post-Snowden era, data security and data privacy laws vary across North America and Europe. For example, when compared to many other countries, Swiss and German laws are more favorable to enterprises than to authorities.

Governments protect and threaten customer data privacy

Directive 95/46/EC, which is the primary data protection law in the E.U., establishes a regulatory framework for the protection of personal data. It attempts to strike a balance between securing and protecting the privacy of individuals and the free movement of personal data within the E.U. It sets strict limits on the collection and use of personal data and demands that each member state establish an independent national body responsible for the protection of that data. Data processed by E.U. entities must be under their control at all times and customers must be notified in the event of a data breach. Data must not be exposed to prying eyes, including those of government bodies.

Edward Snowden highlighted this issue when he leaked information to various newspapers about the N.S.A. programs designed to intercept European telephone metadata and the existence of the PRISM and Tempora internet surveillance programs. At the time he gathered the information, he was working as a contractor for Booz Allen Hamilton, as an infrastructure analyst for the N.S.A. Although many in the security community already knew about these programs, Snowden's leaks drew greater public attention to them.

The N.S.A.'s wholesale data harvesting and spying, as revealed by Snowden, violates the privacy of data subjects and renders the protection of data by processors impossible. For this reason, no company headquartered in the E.U. and subject to E.U. law can satisfy the requirements of Directive 95/46/EC while hosting data in the U.S.

The leaks have led the E.U. and many of its member countries to investigate their own data protection laws to determine whether permission was granted for U.S. access to local data. In most cases it was not. E.U. Vice President Neelie Kroes said that she was also concerned about the wider impact on the cloud computing industry given that most cloud providers are U.S. companies. "If European cloud customers cannot trust the U.S. government or their assurances, then maybe they won't trust U.S. cloud providers either," Kroes said in July of

Spying is not exclusively the purview of the U.S. government. France was also exposed for its data surveillance when newspaper Le Monde reported that the French foreign intelligence service DGSE regularly intercepts data from internet and telephone communications on a large scale. According to Le Monde, the operation is outside the law and beyond any proper supervision. French officials refused to comment on the accusations that the DGSE analyses the metadata of emails and other communications revealing who is speaking to whom, when, and where. Le Monde reported that connections inside France and between France and other countries are all monitored and that while the operation is designed to uncover terrorist cells, its scale implies that anyone can be spied on at any time. BBC coverage of the Le Monde article added that the U.K. spy agency GCHQ is reported to run a similarly vast data collection operation, co-operating closely with the N.S.A.

Figure 2. Source: NTT Communications

Largely as a response to the information leaked by Snowden, countries in Europe (both in and out of the E.U.), Asia, Australia, New Zealand, Russia, Saudi Arabia, and Brazil have initiated legislation requiring that data generated within their borders stays within their borders. When the data of one country's citizens leaves its borders, the country loses the ability to regulate the use of that data. Consequently, many countries are concerned that data privacy laws in other countries, particularly those in the U.S., don't offer the protections their citizens expect or that national leadership wants to guarantee.

Many enterprises use the cloud to ensure they will have a data-center presence in all the locations where they do business as well as for geographic diversity that can aid disaster recovery (DR). But if data generated in one country is required to stay in that country, then the cloud provider must be able to provide a guarantee that such data does in fact never leave that country. This points to a solution that involves multiple clouds in multiple countries, which is not the easiest system to build and maintain. Additionally, due diligence can be difficult from the other side of the planet, and the data custody practices of cloud providers in emerging markets like Eastern Europe and Latin America are not very easy to assess.

Assessing the interaction between the data-center provider and the local government is crucial. If a government issues subpoenas or warrants for data, will the service provider hand it over? If not, will the service provider adhere to the idea that while they house the data, they are not in custody of it, so the enterprise must comply? In the U.S., cloud providers are not required by law to notify their customers if they allow access to the authorities responding to a subpoena. Therefore most don't.

The Information Technology and Innovation Foundation (ITIF), a technology think tank, projected in August 2013 that U.S. cloud-computing providers would eventually lose 20 percent of the foreign market to competitors. In dollar terms, it projected losses as high as $35 billion by

Apprehension over the security of the sensitive data stored in the cloud has caused many businesses to avoid storing data in cloud services within the U.S. In a survey of 300 U.K. and Canadian businesses commissioned by PEER 1 Hosting and published in January 2014, twenty-five percent of those surveyed stated that they would move their company data outside of the U.S. due to N.S.A.-related privacy and security concerns. In addition, 82 percent indicated that privacy laws are a top concern when choosing where to host their data and 81 percent want to know exactly where their data is being hosted. Nearly 70 percent of respondents agree they would sacrifice performance to ensure data sovereignty.

Clearly, data privacy and security concerns were heightened following the revelation of data spying programs by the N.S.A. and other organizations around the world. Customers are now demanding that hosting and cloud providers offer them control over the locations where they store their customer data, ensuring that they can guarantee security and privacy over data while maintaining regulatory compliance.

Iceland is a data haven

Over the past five years, due to the Icelandic Modern Media Initiative (IMMI), which is currently a project of the International Modern Media Institute, Iceland has become a data haven with the most progressive internet laws in the world. The origins of the IMMI go back to 2009 and an incident involving WikiLeaks:

In August 2009, Kaupþing Bank succeeded in obtaining a court order gagging Iceland's national broadcaster, RÚV, from broadcasting a risk analysis report showing the bank's substantial exposure to debt default risk. This information had been leaked by a whistleblower to WikiLeaks and remained available on the WikiLeaks site; faced with an injunction minutes before broadcast the channel ran with a screen grab of the WikiLeaks site instead of the scheduled piece on the bank. Citizens of Iceland felt outraged that RÚV was prevented from broadcasting news of relevance. Therefore, WikiLeaks has been credited with inspiring the Icelandic Modern Media Initiative, a bill meant to reclaim Iceland's 2007 Reporters Without Borders (Reporters sans frontières) ranking as first in the world for free speech. It aims to enact a range of protections for sources, journalists, and publishers. Birgitta Jónsdóttir, a former volunteer for WikiLeaks and member of the Icelandic parliament, is the chief sponsor of the proposal.

It is particularly important that the IMMI protects intermediaries such as ISPs and telecommunications carriers from prosecution. In addition, the law provides protections from foreign judgments that violate Icelandic freedom of expression protection. This legislation means that no company in Iceland is required by Icelandic law to disclose information for legal reasons alone. One of the explicit aims of this legislation is to prevent the misuse of data by foreign intelligence services such as the N.S.A.

In addition, the PATRIOT Act is only applicable to American companies housing data in Iceland. The PATRIOT Act allows U.S. intelligence and investigation services to access cloud data stored by U.S. companies wherever it is hosted regardless of geographic location. The law also includes a gag order to prevent target companies from learning and disclosing that their data has been accessed. This means that a U.S.-based or U.S.-controlled cloud provider is required to turn over a company's data and cannot tell them that they did so. This violates both the IMMI and Directive 95/46/EC.

Furthermore, Iceland benefits from an E.U. status as a commissioned data processor, which means that the usual requirement when carrying out cross-border data transfers to check that the country in which the data processor is located ensures an adequate level of protection is no longer applicable. Companies located in Iceland seeking to process E.U.-possessed data must undergo an audit of their technical and organizational security measures and provide appropriate security guarantees.

As part of the E.E.A., Iceland, along with Liechtenstein and Norway, is guaranteed free movement of goods, services, capital, and labor including data. Directive 95/46/EC applies to E.U. data housed in Iceland and regulations there are consistent with the data-protection legislation in E.U. member countries. The IMMI is comparable to data protection laws throughout the E.U., so data housed in Iceland must be treated no differently from data housed in any country within the E.U.

Conclusion and key takeaways

While cloud computing is on the rise in North America and Europe, serious threats to data privacy and the security of corporate intellectual property exist. These threats are not only the result of illegal activities engaged in by hackers. Perhaps the greatest threats to customer data and corporate IP are those posed by governments and their warrants, subpoenas, and espionage. Trust in the U.S. government has been deeply eroded as a result of the Snowden revelations of N.S.A. spying.

Companies that must avoid potential exposure to government spying and adhere to E.U. data privacy regulations can neither consider hosting sensitive data within the geographic boundaries of the U.S. nor can they host it at U.S.-owned cloud providers located outside U.S. borders. For these businesses, IMMI regulations and Iceland's status as an E.E.A. state make it an ideal location for hosting customer data and corporate IP.

- The combination of legal data exposure as a result of the U.S. PATRIOT Act and illegal data exposure as a result of N.S.A. spying has created an environment where E.U. companies can no longer consider hosting customer data and corporate intellectual property at U.S. cloud providers located within and beyond the borders of the U.S.
- Countries within the E.U., such as the U.K. and France, are also guilty of unauthorized data access and spying and are therefore also inappropriate countries to host data.
- Iceland, with the IMMI regulations and status as an E.E.A. state, is one of the few valid choices for hosting cloud-based data in compliance with E.U. Directive 95/46/EC.

Appendix: security checklist for selecting data-center services

Here is a checklist that organizations can use when they are selecting data-center services and testing data security and privacy.

- Is your company headquartered in the E.U. or otherwise subject to Data Protection Directive 95/46/EC?
- Is your company legally required to store data in the country or region in which it was generated?
- Is the service provider located in or owned by a U.S.-based company, and therefore subject to the PATRIOT Act?
- Is the service provider located in a country that is known to have engaged in data intercepts or to have cooperated with U.S. PATRIOT Act surveillance?
- If it operates in or with E.U. countries, has the service provider earned the status of "commissioned data processor"?
- If a government issues a subpoena or warrant for company data, will the service provider hand it over without permission of the company?
- If a service provider turns over company data to a government, will it notify the company that such a transfer has occurred? What level of detail will they provide?

About Matt Sarrel

Matthew David Sarrel is currently Executive Director of Sarrel Group, an editorial services, product test lab, and information technology consulting company with offices in New York City and San Francisco. He is a Contributing Editor for PC Magazine as well as a Frequent Contributor for the Internet.com family of sites. He is also a technical writer and game/product reviewer. Previously, he was a technical director for PC Magazine Labs. Prior to joining PC Magazine, he served as Vice President of Engineering and IS Manager at two internet startups and spent almost 10 years providing IT solutions in medical research settings, beginning his career as a network administrator and ultimately serving as Director of IT for the New Jersey Medical School National Tuberculosis Center and CIO for the HIV Educational Exchange for Healthcare Workers in Vietnam project.

About Gigaom Research

Gigaom Research gives you insider access to expert industry insights on emerging markets. Focused on delivering highly relevant and timely research to the people who need it most, our analysis, reports, and original research come from the most respected voices in the industry. Whether you're beginning to learn about a new market or are an industry insider, Gigaom Research addresses the need for relevant, illuminating insights into the industry's most dynamic markets. Visit us at: research.gigaom.com

Giga Omni Media, Inc. All Rights Reserved. This publication may be used only as expressly permitted by license from Gigaom and may not be accessed, used, copied, distributed, published, sold, publicly displayed, or otherwise exploited without the express prior written permission of Gigaom. For licensing information, please contact us.
More informationVMware Cloud Adoption Study
VMware Cloud Adoption Study Executive Summary May 2012 Contents About the research 3 Objectives 4 Overview 4 Key Findings 5 European enterprises to spend a third of IT budgets this year on cloud computing,
More informationH. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.
H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.
More informationHealthcare Security and HIPAA Compliance with A10
WHITE PAPER Healthcare Security and HIPAA Compliance with A10 Contents Moving Medicine to the Cloud: the HIPAA Challenge...3 HIPAA History and Standards...3 HIPAA Compliance and the A10 Solution...4 164.308
More informationWhy Join BSA? A Vital Resource for Software Companies. The many reasons why software companies join BSA OUR VALUE PROPOSITION
Why Join BSA? The many reasons why software companies join BSA OUR VALUE PROPOSITION A membership in BSA The Software Alliance provides you a seat at the table with the world s leading software companies.
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationR345, Information Technology Resource Security 1
R345, Information Technology Resource Security 1 R345-1. Purpose: To provide policy to secure the private sensitive information of faculty, staff, patients, students, and others affiliated with USHE institutions,
More informationThe threats which were perceivable 20 years ago differ greatly from our ever increasing
1 Introduction The threats which were perceivable 20 years ago differ greatly from our ever increasing interconnected world of the present. With these new found risks there becomes the need for a different
More informationThe Business Value of e-invoicing
STERLING COMMERCE WHITE PAPER The Business Value of e-invoicing A new look at the challenges, trends and opportunities in the global marketplace Table of Contents 3 Executive summary 4 Situation overview
More informationPrivacy in the Cloud: Data Protection and Security in Cloud Computing
SPEECH/11/859 Viviane REDING Vice-President of the European Commission, EU Justice Commissioner Privacy in the Cloud: Data Protection and Security in Cloud Computing Round-table High Level conference on
More informationForeign Corrupt Practices Act (FCPA)/Bribery Act Integrity Due-Diligence & Investigations
Foreign Corrupt Practices Act (FCPA)/Bribery Act Integrity Due-Diligence & Investigations Clarity in a complex world www.mintzgroup.com How We Work: Because the reputations of companies and individuals
More informationPRINCIPLES OF THE TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY. Introduction
PRINCIPLES OF THE TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY Introduction The continuous globalization of the world economy influences the international transfer of personal data. The transfer of personal
More informationFREEDOM OF INFORMATION REQUEST
FREEDOM OF INFORMATION REQUEST Request Number: F-2013-05371 Keyword: Operational Policing Subject: Unmanned Aerial Systems (UAS) Purchased By PSNI 2012-2013 Request and Answer: Question 1 The number of
More informationCloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
More informationReport on Government Information Requests
Report on Government Information Requests November, We believe that our customers have a right to understand how their personal information is handled, and we consider it our responsibility to provide
More informationIndustrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported
Protecting What Matters Most Christian Fahlke, Regional Sales Manager ALPS March 2015 Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported (Source: https://ics-cert.us-cert.gov/sites/default/files/monitors/ics-cert_monitor_sep2014-feb2015.pdf)
More informationDisaster Recovery and Online Backup as a Service
Disaster Recovery and Online Backup as a Service Global Overview & Outlook AMI-Partners 546 Fifth Avenue, New York, NY 10036 212-944-5100 www.ami-partners.com Source: AMI-Partners (www.ami-partners.com)
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationHow Much Will PRISM Cost the U.S. Cloud Computing Industry?
How Much Will PRISM Cost the U.S. Cloud Computing Industry? BY DANIEL CASTRO AUGUST 2013 The U.S. cloud computing industry stands to lose $22 to $35 billion over the next three years as a result of the
More informationConsiderations for Outsourcing Records Storage to the Cloud
Considerations for Outsourcing Records Storage to the Cloud 2 Table of Contents PART I: Identifying the Challenges 1.0 Are we even allowed to move the records? 2.0 Maintaining Legal Control 3.0 From Storage
More informationCOUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide
COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the
More informationFACEBOOK STATEMENT RICHARD ALLAN NOVEMBER 11, 2013. My name is Richard Allan, and I am the Director of Public Policy
FACEBOOK STATEMENT RICHARD ALLAN NOVEMBER 11, 2013 [I. INTRODUCTION] My name is Richard Allan, and I am the Director of Public Policy for Facebook in Europe, the Middle East and Africa. I have been with
More informationServices. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure
Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation
More informationThought leadership from
Thought leadership from In Clouds We Trust? National Security Disrupts the Cloud Computing Risk Landscape June, 2013 Nelson M. Nones CPIM Chairman and CEO, Geoprise Technologies Corporation A SUDDEN COLLAPSE
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationChallenges of Cloud Information
The Challenges of Cloud Information Governance: A Global Data Security Study Sponsored by SafeNet Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research
More informationPrivacy, the Cloud and Data Breaches
Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global
More informationReport on Government Information Requests
Report on Government Information July 1 - December 31, 2014 apple Apple takes our commitment to protecting your data very seriously and we work incredibly hard to deliver the most secure hardware, software
More informationFull-Speed Ahead: The Demand for Security Certification by James R. Wade
Full-Speed Ahead: The Demand for Security Certification by James R. Wade It s no secret that technology is creating a more connected world every day. But as new technologies are released and adopted, the
More informationA BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper
A BUSINESS CASE FOR BEHAVIORAL ANALYTICS White Paper Introduction What is Behavioral 1 In a world in which web applications and websites are becoming ever more diverse and complicated, running them effectively
More informationCloud Computing Requires National Policy Leadership
Cloud Computing Requires National Policy Leadership BY DANIEL CASTRO AUGUST 2010 Policymakers should work both to ensure that the right policies are in place to enable widespread use of cloud computing
More informationInformation Security: Cloud Computing
Information Security: Cloud Computing Simon Taylor MSc CLAS CISSP CISMP PCIRM Director & Principal Consultant All Rights Reserved. Taylor Baines Limited is a Registered Company in England & Wales. Registration
More informationCloud Computing and Privacy Toolkit. Protecting Privacy Online. May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1
Cloud Computing and Privacy Toolkit Protecting Privacy Online May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1 Table of Contents ABOUT THIS TOOLKIT... 4 What is this Toolkit?... 4 Purpose of this Toolkit...
More informationCyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk
Cyber Security and Cloud Computing Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk Scope of Today SME Attractors for Cloud Switching to the Cloud Public Private Hybrid Big
More informationHow To Protect Your Organization From Insider Threats
Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security FINANCIAL SERVICES EDITION #2015InsiderThreat RESEARCH BRIEF US FINANCIAL SERVICES SPOTLIGHT ABOUT
More informationLeverage A Third-Party Data Center To Deliver Increased Business Value
A Custom Technology Adoption Profile Commissioned By NTT Communications March 2014 Leverage A Third-Party Data Center To Deliver Increased Business Value 1 Introduction Companies are under increasing pressure
More information360 o View of. Global Immigration
360 o View of Global Immigration In a fast moving global economy, remaining compliant with immigration laws, being informed and in control is more challenging than ever before. We are a globally linked
More informationAudit Director Roundtable Asia Emerging Risks Report
Audit Director Roundtable Asia Emerging Risks Report Q3 2012 A FRAMEWORK FOR MEMBER CONVERSATIONS The mission of The Corporate Executive Board Company and its affiliates (CEB) is to unlock the potential
More informationCloud Computing and Records Management
GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationInternational Asset Recovery
International Asset Recovery March 2011 Update Hong Kong Steven Philippsohn Commercial Fraud Specialists PCB Litigation LLP Solicitors E-mail : snp@pcblitigation.com Web Site : www.pcblitigation.com PCB
More informationGUIDANCE FOR MANAGING THIRD-PARTY RISK
GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,
More informationIF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER:
NOTICE OF PRIVACY PRACTICES COMPLETE EYE CARE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED OR DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
More informationSecond Cyber Security Summit, November 11, 2013 in Bonn Final communique
Second Cyber Security Summit, November 11, 2013 in Bonn Final communique On November 11, the Cyber Security Summit was held for the second time in Bonn at the invitation of the Munich Security Conference
More informationTECHNOLOGY SECURITY AUDIT
SECURITY AUDIT Helping New Jersey State & City Governments Achieve and Maintain Regulatory Compliance New Jersey s State and Local Governments are required by law to deploy and maintain strong security
More informationEU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
More informationStrategically Source Your Next Data Centre Data Centre Purchasing Drivers, Priorities, and Barriers for Asia-Pacific Firms
A Forrester Consulting Thought Leadership Paper Commissioned By Digital Realty July 2014 Strategically Source Your Next Data Centre Data Centre Purchasing Drivers, Priorities, and Barriers for Asia-Pacific
More informationADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI-2010-1-v1.0
ADRI Advice on managing the recordkeeping risks associated with cloud computing ADRI-2010-1-v1.0 Version 1.0 29 July 2010 Advice on managing the recordkeeping risks associated with cloud computing 2 Copyright
More informationThe USA Patriot Act Government Briefing. Kirsten Tisdale, Chris Norman, Sharon Plater & Alexandra (Gina) Henley September 30, 2004
The USA Patriot Act Government Briefing Kirsten Tisdale, Chris Norman, Sharon Plater & Alexandra (Gina) Henley September 30, 2004 Agenda Background Overview of Government Responses and Approach Mitigation
More informationThe HR Skinny: Effectively managing international employee data flows
The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More information