Michael Overly

Michael R. Overly is a partner in the Information Technology and Outsourcing Group in the Los Angeles office of Foley & Lardner LLP.  As an attorney and former electrical engineer, his practice focuses on counseling clients regarding technology transactions, intellectual property development, information security, and electronic commerce.  Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Systems Security Professional (CISSP) , Information Systems Security Management Professional (ISSMP), Certified in Risk and Information Systems Controls (CRISC), and Certified Information Privacy Professional (CIPP) certifications.  Mr. Overly is chair of the Legal Working Group for the Cloud Standards Customer Council, an end user advocacy group dedicated to accelerating cloud's successful adoption, and drilling down into the standards, security and interoperability issues surrounding the transition to the cloud.  He is a member of the Computer Security Institute and the Information Systems Security Association.

6 resolutions for a secure new year

In Praise of RFPs

The use of the request for proposals (RFP) and its cousin, the request for information (RFI), are both seeing less use these days. This is an unfortunate development. As vendors tighten their flexibility on contracting, frequently...

Who Has Access to Your Cloud Data?

The controversy over Prism and related revelations of the last few days regarding government access to cloud data serve to highlight the importance of addressing the question of “who has access to my cloud data?” in your cloud...

Finding Common Threads in Privacy and Information Security Laws.

The sheer number and variety of laws and regulations that can apply to even small businesses handling sensitive information can be daunting, if not overwhelming. In some instances, it may be almost impossible for even a large,...

Continuing Decline in Cloud Provider Responsibility

I have written previously that one of the primary trends in cloud computing over the last year has been a steady attempt by some, but certainly not all, cloud providers to completely erode most standard customer protections in their...

Ensure Your Data is Securely Deleted

In any instance in which your data may reside on a vendor’s systems (e.g., cloud engagements, hardware rental engagements, etc.), it is critical to ensure that your data is securely removed from those systems (i) when the agreement...

2013 Security Trends

In looking at the security landscape for this year, two trends are clear. Cloud computing and BYOD programs will continue to flourish. Both present a similar challenge to businesses: placing control of data into the hands of third...

CIA in the Cloud

No, this isn’t a post about a secretive intelligence agency. Rather, my reference to CIA is to the well-known acronym in the information security industry to “Confidentiality, Integrity, and Availability” of data. The same language is...

Overreacting to Information Security

If you have been reading my postings for the last several years, you know I am hardly one to be lax when it comes to information security measures – particularly when information will be shared with business partners and vendors. That...

Thoughts on Entering Into Cloud Engagements

Much has been written, including by me, about the risks (and benefits) of cloud engagements. I think a step back maybe in order – perhaps even two steps back. That is, I think it is far too easy to lose the forest for the trees in...

Social Media Hysteria

In late September, California joined the growing number of states enacting laws precluding employers from taking action against employees and job applicants who refuse to turn over their social media passwords without some form of...

Think Carefully Before Collecting Data

In this age of ever plummeting storage costs, some businesses are electing to "store it all" when it comes to consumer data. That is, businesses are storing data regardless of whether there is an actual need with the assumption that...

Load More