Data Privacy

Europe’s fight over data privacy has a silver lining - a cloud-computing boom

Grazed from QZ. Author: Koon Ian Wong.

When it rains, it pours. The cloud is growing over Europe, to the tune of billions of dollars in investment from the world’s biggest tech companies. Microsoft revealed it has spent $3 billion on data centers for its Azure cloud-computing platform in Europe to date. Its next stop is France, where it will join rival Amazon Web Services in building cloud facilities next year.

Apple is reportedly preparing to plough close to $1 billion into a new data facility in Denmark, which is also where Facebook is said to be planning its own major data processing center. The reason for this flurry in activity can be gleaned from Microsoft chief executive Satya Nadella’s tour of Europe, where he took the opportunity to announce something else, too: a book published by the Redmond giant titled “A Cloud For Global Good,” which includes dozens of detailed policy recommendations, with a sharp focus on privacy...

Read more from the source @ http://qz.com/799750/microsoft-msft-azure-europes-in-the-middle-of-a-cloud-boom-thanks-to-data-privacy-rules/

Cloud Computing: Microsoft Wins Landmark Email Privacy Case

Grazed from InfoSecurity. Author: Phil Muncaster.

A US federal appeals court has ruled in favor of Microsoft in a major privacy case related to whether the government can demand access to data stored on servers outside the country. The decision reverses a court order from 2014 requesting that the computing giant hand over emails stored in Ireland for use in a drugs case.

Judge Susan Carney of the US Court of Appeals for the Second Circuit in New York ruled that the Stored Communications Act only applies to data stored in the US. Microsoft had argued that if the government got its way in the case, it could open the floodgates for foreign agents to raid its offices in jurisdictions all over the world and demand access to US citizens’ data...

For cloud adoption to grow, so must trust - report

Grazed from FedScoop. Author: Billy Mitchell.

Businesses, governments and other organizations are more trusting of cloud computing than ever before, but still have doubts about providers' ability to secure sensitive information in the public cloud, according to a new report Thursday. A 77-percent majority of respondents told Intel Security they trust cloud computing more than they did a year ago.

That said, only 13 percent of the participating 1,200 cloud security "decision makers" from around the world said they "completely trust public cloud providers to secure sensitive data," according to the new report, "Blue Skies Ahead? The State of Cloud Adoption," released at Intel Security's Security through Innovation Summit, produced by FedScoop...

Search and seizure: Why everyone must fear hackers in the cloud

Grazed from InfoWorld. Author: David Linthicum.

Expect this headline very soon: "Public cloud used to hack government systems." I'm sure aspects of this are happening right now, and I'm sure we will see more widespread use of public clouds as the platforms for hackery. What should we do with the public clouds used as hacking venues? Do we seize the physical servers? Shut down the offending data center? All of the above?

And if criminals use the same cloud infrastructure as enterprises, how do enterprises know that their data won't get seized along with the bad guys' data? Recent developments are not reassuring. Last month, the FBI seized a private cloud server. And we still remember the NSA's digital spying revelations. Ironically, technical issues may make seizures of public cloud servers unappealing to policing agencies...

EU agrees data protection regulation - despite cloud computing warnings from Amazon, Cisco, IBM and SAP

Grazed from Computing. Author: Graeme Burton.

The Council of the European Union has agreed to new EU Data Protection Regulations that will co-ordinate the law across the 28-member-state bloc for the first time. The agreement after three years of sometimes fractious negotiations was reached at a meeting of justice and home affairs ministers in Luxembourg today.

EU officials claim that making pan-EU data protection laws in the form of a regulation, rather than a looser directive, will provide a foundation for the so-called "digital single market" and instigate growth in the EU's somewhat moribund technology and internet industries – an area in which Europe lags behind both America and Asia...

First international privacy-specific cloud standard adopted by Microsoft

Grazed from Lexology. Author: Neasa Ni ghrada.

On 1 August 2014, the International Standards Organisation (ISO) and the International Electrotechnical Commission (IEC) published the first privacy-specific international standard for the cloud: ISO/IEC 27018 "Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors". Early adopters Microsoft announced on 16 February 2015 that it was the first company to receive certification for the standard.

ISO/IEC 27018 builds on existing ISO standards such as ISO 27001 (the existing best practice for information security management) and is aimed at increasing confidence in data security and cloud computing. Adoption of the standard would complement one of the exceptions to the prohibition on transferring personal data outside of the EEA such as model contracts, Binding Corporate Rules and Safe Harbour...

Microsoft Corp achieves ISO cloud privacy certification

Grazed from FinancialPost. Author: Lynn Greiner.

Privacy is top-of-mind for many industries, especially when it comes to the cloud. Since the U.S. government began demanding access to cloud-based data from Microsoft’s Irish data centre, customers realized that they may not be safe from privacy violations even if their information is not resident in the U.S. Microsoft and other industry players have been fighting the demands, since they’re all placed in the awkward situation of breaking someone’s laws no matter what they do.

If they capitulate, the EU won’t be happy (nor will customers), and if they don’t, the U.S. government will be miffed. With lawyers. But Microsoft firmly believes that customers, not the cloud provider with whom they store it, own their data. To that end, it says it has become the first major cloud provider to adopt ISO/IEC 27018, the first global standard for cloud privacy, and Microsoft Azure, Office 365, and Dynamics CRM Online have been evaluated for compliance by the British Standards Institute. Additionally, Microsoft InTune has been verified by Bureau Veritas...

Read more from the source @ http://business.financialpost.com/2015/03/04/microsoft-corp-achieves-iso-cloud-privacy-certification/?__lsa=ecc6-e6ca

Cloud Computing: What Google knows about data security that you should know too

Grazed from CBC. Author: Jeff Green.

A new report on cloud storage prepared for Google by a Hamilton-based risk advisor shows that businesses need to take a truly global look to completely secure data. And in an interview with the CBC, James Arlen, director of risk and advisory services for Leviathan Security Group, says the same principles of data security companies such as Google need, apply to your personal data, too.

Arlen said the average person treats their personal memories like a digital shoe box, adding it just takes one "flood" for a catastrophic loss to occur. "The person who kept all the photos of the first four years of their child's life on their computer and now their hard drive crashed," Arlen said. "Now your child's photographic life begins at four."...

Cloud Computing: EU Data Protection three years on -Playing catch up with a changing world

Grazed from ITProPortal.  Author: Sue Trembley.

In January 2012, new EU rules designed to create a secure and unified landscape for the collection, use and retention of data were announced.  The changes in regulation were based in part on consumer research undertaken two years earlier and aimed to reflect growing concerns around online data privacy, the evolving digital landscape and globalisation.

The new rules would give individuals greater control over their personal data, make businesses more accountable for that data – with stricter requirements for protection and penalties around data breaches, for example – and commit EU member states to a set of consistent, legally-enforced regulations and rigid definitions...

Cloud Computing: Hacker group hints it caused North Korean Internet crash

Grazed from LATimes. Author: Editorial Staff.

Fresh Internet outages continued to plague North Korea on Tuesday, and speculation about the cause of the rogue country's systemwide crash earlier in the day broadened to include a hacking group that hinted it was responsible. North Korea's Internet connection went down about 2 a.m. Tuesday and wasn't restored for more than 9 1/2 hours, prompting speculation that the U.S. government might have waged a cyberattack against Pyongyang in retaliation for the Nov. 24 hacking of Sony Pictures Entertainment.

The FBI has accused North Korea of committing the attack on the Los Angeles-area studios where the controversial film "The Interview" was made, portraying a fictional assassination plot against North Korean leader Kim Jong Un. North Korea's online community consists of only about 1,000 Internet Protocol addresses, estimates the Dyn research firm that evaluates Internet performance worldwide...

Read more from the source @ http://www.latimes.com/world/asia/la-fg-north-korea-internet-outages-20141223-story.html