Security News Curated from across the world
The decision to abandon email encryption projects in most cases was probably taken many years ago when those overheads became apparent. Since then, not only have the regulatory and legislative landscapes changed considerably (DPA, FSA, SOX et al), but so has the technology.
http://www.cio.co.uk/opinion/ferguson/2010/05/27/email-encryption-must-be-prioritised/
In fact, with no penalties for failure to notify security breaches, the provisions may do more harm than good since Canadians will expect to receive notifications in the event of a breach, but companies may err on the side of not notifying (given the very high threshold discussed below) safe in the knowledge that there are no financial penalties for failing to do so.
The bill changes the definition of business contact information (which is not treated as personal information) by expressly including business email addresses. This overturns a successful complaint I filed years ago against the (now defunct) Ottawa Renegades over their use of my email address. The change further confirms that PIPEDA cannot be used in spam cases, but C-28 should provide far more effective tools.
The bill establishes a new prospective business transaction exception that permits use and disclosure of personal information in various business transactions. The provision creates some limits on the use of the information, but is designed to address concerns from the business community that PIPEDA could create barriers to mergers and acquisitions as well as other transactions.
The bill creates a new work product exception for the collection, use, and disclosure for information produced by an individual in the course of the employment.
The bill purports to clarify “lawful authority” (ie. disclosure to lawful authority without a court order) but as David Fraser notes it really doesn’t clarify much of anything.
Rather, it encourages disclosures without court oversight by confirming that businesses are not required to verify the validity of the lawful authority. The organization makes its own determination of whether there is a real risk having regard to the sensitivity of the information and the probability that the personal information has been, is being, or will be misused.
By comparison, the California law requires disclosure of any breach of unencrypted personal information that is reasonably believed to have been acquired by an unauthorized person.
In other words, the only threshold is whether an unauthorized person acquired the information, not whether there is real risk of significant harm (other states merely require harm, not significant harm).
Security breach disclosure was widely recognized as a major hole in the Canadian law framework, yet this proposal is a major disappointment that falls far short of striking the right balance between protecting Canadians, encouraging appropriate safeguards of personal information, and guarding against overwhelming Canadians with too many notices.
http://www.michaelgeist.ca/content/view/5059/125/
The ACS Enterprise Cloud can be integrated into the company’s ITIL-compliant ACS Management Platform to speed the deployment of standardized business applications from the cloud.
Xerox said the ACS Enterprise Cloud solution extends the ACS Management Platform (AMP v1.0) delivered through a partnership with Novell that utilizes its Intelligent Workload Management solutions.
http://itmanagement.earthweb.com/netsys/article.php/3883971/Xeroxs-ACS-Rolls-Out-Public-Private-Cloud-Service.htm
Rather than just creating a platform such as Microsoft Azure or Google App Engine, IBM is trying to create an ecosystem where each partner addresses a discrete business process, said Dewitt.
http://www.itbusinessedge.com/cm/blogs/vizard/ibms-rapidly-evolving-cloud-computing-strategy/?cs=41386
· The ability to create the illusion of infinite capacity performance is the same if scaled for one or one hundred or one thousand users with consistent service-level characteristics.
· Abstraction of the infrastructure so applications are not locked into devices or locations.
· Pay-as-you-go usage of the IT service; you only pay for what you use, with no or minimal up-front investment costs.
These technical characteristics can also be found in many non-disruptive technology solutions.
What sets the promise of cloud computing apart is that the rate of change, magnitude of cost reduction and specific technical performance impact that cloud computing can provide is not just incremental, but can give a five-to-ten times order of magnitude of improvement. The famous graphic used by Amazon Web Services illustrating the capacity versus utilization curve has become an icon in cloud computing. The model illustrates the central idea around cloud-based services enabled through an on-demand business provisioning model to meet actual usage. This model is important to businesses because one of the core precepts of cloud computing is to avoid the cost impact of over-provisioning and under-provisioning of computing resources. This benefit is in addition to the opportunity for cost, revenue, and margin advantages of business services enabled by rapid deployment of cloud services with low entry cost, as well as the potential to enter and exploit new markets.
The problem with using the view of capacity and utilization alone is that it is a technology provider/seller viewpoint essentially based on key performance indicators (KPIs) rather than business benefit metrics. What is needed instead is a set of business metrics that build on the cloud computing model.
Cloud computing creates additional cost transformation benefits by reducing delays in decision costs by adopting pre-built services and a faster rate of transition to new capabilities.
1. The speed and rate of change
2. Total cost of ownership optimization
3. Rapid provisioning
4. Increased margin and cost control
5. Dynamic usage
6. Risk and compliance improvement
7. Enhanced capacity utilization
8. Access to business skills and capability improvement
The work of The Open Group is developing tools and frameworks to enable businesses to evaluate these cloud computing opportunities to focus on how flexibility, competitive advantage, compliance risk and security in all aspects of the cost of cloud adoption can be better defined in a business language.
http://www.computerworld.com/s/article/9177387/8_Ways_to_Measure_Cloud_ROI
In fact, president and CMO of Apparent Networks Jim Melvin called the fact that cloud computing providers can’t or won’t take responsibility for network performance issues once information leaves their data center “one of the big stumbling blocks for the growth of cloud computing in general.”
With the increasing use of SaaS applications and accelerating cloud storage demands driven by users out on the “edge” of your network, the WAN pipe to the Headquarters is increasingly getting clogged.
In addition to edge caching (which will only be helpful for large bulk data transfers but not for live, dynamic, chatty traffic), what may be needed is a dynamic scaling up of edge servers to meet edge user demands in real time.
http://sandhill.com/opinion/daily_blog.php?id=71&post=650