Lawyers in the Cloud (And Their Data)

Even state bar associations, the entities that regulate lawyers, are struggling with the cloud. Specifically, the “big” question is “if a lawyer stores attorney-client privileged information in the cloud, will that result in a waiver...

Amazon Web Services Failure Points Out Need for Redundancy

The substantial failure of Amazon Web Services that impacted many major as well as numerous minor Web sites highlights one of the most substantial concerns of cloud engagements: performance. In this case, based on in initial...

Data Held Hostage

Recently a customer of a cloud service had a rude awakening. At the expiration of its contract, the customer asked the provider for a copy of the customer’s data. The cloud provider readily agreed, but pointed to two provisions in...

New Survey Highlights Security Risks in Cloud Computing

A new survey by Trend Micro (available at http://us.trendmicro.com/imperia/md/content/us/trendwatch/cloud/global_cloud_survey_exec_summary_final.pdf) shows that almost half of all respondents had experienced a data security lapse or...

Visas and Outsourcing

Offshore outsource vendors, particularly those in India, are increasingly asking their customers to assist them in obtaining visas and in other immigration matters for their on-shore workers. These requests can place the customer in...

Dangers of Third Party Software Development Highlighted by New Report

If you haven't read it, lay your hands on the new Software Integrity Risk Report from Forrester. It confirms what many of us have suspected for a long time: businesses don't adequately review the code developed by their third party...

Change in Dropbox’s Terms and Conditions Highlights Fundamental Cloud Issue

As you may no doubt have read, online storage vendor Dropbox recently updated its terms and conditions to reflect that it may be required to turn over customer data stored on its servers in response to governmental requests. The...

E-mail Blind Copies and Data Security

A recent court decision aimed at lawyers should serve as an object lesson for us all on the potential security risks of blind copying parties on e-mail. Specifically, the risk arises when a blind copied recipient hits “respond all”...

Software Resellers and Information Security Risks

Many organizations are turning to resellers to buy “off-the-shelf” software. These resellers can frequently offer better pricing than could be obtained by purchasing directly from the software developer. In addition, in some cases,...

Cloud Computing Literally as a Commodity

We have all heard the common refrain of treating cloud computing as a commodity. Typically when this is said, the speaker is referring to the fact that cloud computing resources are made available by large data centers in more or less...

Social Media Strikes Again

I have previously blogged about the pitfalls of employee use of social networking. Those pitfalls were highlighted yesterday with the announcement of a settlement in a case involving a woman who was allegedly fired for criticizing her...

Adventures in Key Logging

As companies become more and more concerned with employee misuse of their computer systems (e.g., excessive Internet use, downloading pornography, protection of company proprietary information, theft of trade secrets, use of...

Loose Lips Sink Ships When it Comes to the Attorney-Client Privilege

I have previously written about the need to ensure employees understand their confidentiality obligations to their employers in making postings to social networking and other similar sites. Particularly, we have talked about educating...

Sixth Circuit Makes it Harder to Get Cloud E-mail

The Sixth Circuit has just ruled that the government must have a search warrant before it can secretly seize and review e-mail from cloud providers. This decision marks the first time this issue was squarely addressed by a federal...

New Standards for Governmental Agencies on Cloud Computing Security

For well over a year, an inter-agency team comprised of the National Institute of Standards and Technology (NIST), General Services Administration (GSA), the CIO Council and working bodies such as the Information Security and Identity...

PCI Security Standards Council Issues Guides On End-to-End Encryption for Transactions

If you follow PCI developments at all, you no doubt have heard of the new end-to-end encryption guidance released a couple of weeks ago by the PCI Security Standards Council (available at...

Marketing Associations Launch Self-Regulatory Scheme for Online Data Collection

Early this month, leading marketing associations made available a self-regulatory scheme for online businesses who collect information about consumer interactions with Web sites for advertising purposes (http://www.aboutads.info/). The...

It Doesn’t Pay to Bury Your Web Site Terms and Conditions

While courts have generally found that Web-based terms and conditions are enforceable, businesses cannot hide those terms or make them difficult to identify. This is exactly what happened in a recent case in the Eastern District of...

FDIC Issues Guidance to Financial Institutions on Data Destruction

The issue of secure data destruction is gaining critical mass. Of course, we have had the DoD 5220.22-M Standard for a long time now. Then came the NIST Special Publication 800-88, Guidelines for Media Sanitization...

Electronic Signatures Upheld, Again

Except in highly unusual circumstances, the ship has all-but-sailed on the enforceability and effectiveness of electronic signatures. Most recently, a Mississippi district court upheld the validity of an individual's electronic...
