Category Archives: Cloud Computing

Veracode Recognized as a “Leader” in Gartner Magic Quadrant for Application Security Testing

 Veracode Well-Known for Its Scalable Cloud-Based Service, Ongoing Innovation and Expertise

BURLINGTON, MA–(Marketwired – Aug 10, 2015) – Veracode, a leader in protecting enterprises from today’s pervasive web and mobile application threats, today announced that it has been positioned in the “Leaders” quadrant of Gartner Inc.’s 2015 “Application Security Testing Magic Quadrant” [1] for the third consecutive year, based on the company’s completeness of vision and ability to execute in the application security testing (AST) market.

Highly publicized breaches in the past 12 months have raised awareness of the need to identify and remediate vulnerabilities at the application layer. Enterprise application security testing solutions for web, cloud and mobile applications are key to this strategy.

Veracode’s automated cloud-based service safeguards web, mobile and cloud applications for more than 800 organizations worldwide, including three of the top four banks in the Fortune 100 and more than 25 of the world’s top 100 brands. The company is widely recognized for its demonstrated innovation, strong reputation for service quality, and broad set of automated services delivered on a single scalable platform.

“Software has eaten the world. Every enterprise is becoming a software company, regardless of what business they’re in — and it’s no longer feasible to hire an army of specialized experts to secure your global software infrastructure,” said Bob Brennan, Veracode CEO. “Our mission is to secure the world’s software. We view our ongoing recognition by Gartner as further validation that our cloud-based approach and world-class expertise are successfully reducing application-layer risk for the world’s largest organizations, across in-house, outsourced, commercial and open source applications.”

To read the full report visit.

About Veracode

Veracode is a leader in securing web, mobile and third-party applications for the world’s largest global enterprises. By enabling organizations to rapidly identify and remediate application-layer threats before cyberattackers can exploit them, Veracode helps enterprises speed their innovations to market — without compromising security.

Veracode’s powerful cloud-based platform, deep security expertise and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

Veracode serves hundreds of customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100 Most Valuable Brands. Learn more at www.veracode.com, on the Veracode blog and on Twitter.

[1] Gartner, Inc. 2015 “Magic Quadrant for Application Security Testing” by Neil MacDonald, Joseph Feiman. August 10, 2015

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Adobe Releases Another Security Update For The Dying Flash

Growing Security Concerns Surrounding Adobe Flash 

Adobe has today released yet another security update for Adobe Flash Player. Aimed at Flash developers, the update is the 12th since the beginning of 2015, and follows recent pleas from Facebook’s newly appointed chief security officer (CSO) Alex Stamos to discontinue Flash as soon as possible, because it has become increasingly vulnerable to hacking.

Today’s update is intended to fix “critical vulnerabilities” that are detailed in the company’s Security Bulletin APSB 15-19, although all current links go to a 404 error, probably because the company’s “UPDATES: Security Bulletins Posted” page was last updated on July 14. However, it is clear that the update is for the updated debugger and standalone versions of Flash Player, for Windows, Mac and Linux.

The company does, though, state that from today (August 11, 2015), the “Extended Support Release” has been updated from Flash Player version 13 to Flash Player version 18 for Mac and Windows. It tells users to install the full version 18 or to update to the most recent available release to stay current with all the security updates that are available. However, it also urges IT companies to test the new version 18 releases thoroughly before using them.

The company states that its latest update is intended for organizations that “prefer Flash Player stability” rather than so-called “new functionality.” It also states that it intends to create “a branch of the Flash Player code” that will stay up-to-date with all the latest security updates. However, none of these bug fixes or new features will be available via their “normal release branch.” The reason for this is that it will allow organizations to certify and also remain secure with Flash Player with “minimal effort.”

Vulnerability Issues With Adobe Flash

There have been numerous vulnerability issues with Flash over time, the most recent at the beginning of July this year, that ended up with hackers executing malicious code on a computer via a website. The security flaw was discovered by Hacking Team, an Italian cyber-surveillance company, which reportedly decided to keep the hack secret while malware developers went on to steal more than 400 GB of data.

At the time, Adobe warned that successful exploitation of the vulnerability might cause systems to crash. They also acknowledged that the vulnerability might enable attackers to “take control” of systems that were affected, and that they were aware the vulnerability had been published publicly. This resulted in an immediate security update for Flash Player as well as an update for Acrobat and Reader (July 8). Another Flash Player update followed on July 14.

Earlier this year, in January and February, Adobe released six emergency security updates for Flash, indicating that this is clearly an ongoing problem. But its security issues go back even longer than many people realize. Five years ago Apple’s Steve Jobs noted that Flash had had a shocking security record for 2009. In an open letter, Thoughts on Flash, he explained why Apple would not allow Flash to be used on iPads, iPods, and iPhones, but instead uses JavaScript, HTML5 and CSS. Essentially Apple’s reasoning, historically, was based on technology issues, major technical drawbacks, and the fact that even though Flash is widely available it is a “closed system” only available from Adobe. He also slated the performance, security and reliability of Flash, stating that the software was the number one cause of Mac computers crashing. While Apple was working with Adobe to fix computer-based problems, Apple did not want to reduce the security and reliability of their other devices.

YouTube recently moved away from Flash technology, and from January 2015 dropped its default support for Flash in favor of HTML5. While Facebook has traditionally supported Flash, it now also allows HTML5 because it is not as vulnerable as Flash, and is better optimized for mobile devices.

Stamos and Facebook Security

Famously head-hunted from Yahoo in June this year, Stamos has stated publicly (via his Facebook page of course) that Facebook is best positioned to build safe, trustworthy products on the Internet. “The Facebook security team has demonstrated a history of innovation as well as a unique willingness to share those innovations with the world, and we will build upon that history in the years to come,” he wrote.

Less than two months into his new job, Stamos has attracted considerable attention after leaving Yahoo, joining Facebook, and announcing that he is determined to force Adobe to shut down Flash. He made his own announcement on Facebook on June 24 that he was leaving Yahoo and taking up the new Facebook position.

Then a few weeks later he used Twitter to state that it was time for Adobe to discontinue Flash, calling on the company to announce an “end-of-life date” for the software plug-in that has been installed on more than 1.3 billion computers worldwide.

Stamos has made it clear that he doesn’t believe the Internet needs Adobe Flash and that, instead of helplessly trying to find the ultimate security fix for its problems, the company should “announce the end-of-life date for Flash.” He also urged Adobe to “set killbits” that will disable the software worldwide on that date.

By Penny Swift

Top 5 Cloud IT Predictions For Finance Sectors

The Banking Systems Legacy

Financial technology systems, like the banks they serve, have been built over decades through a long series of mergers and acquisitions. Already operating across a complex set of siloed departments and systems (core banking, payments, trading, etc.), each merger or acquisition has resulted in further systems being bolted on to create ever greater and more complex IT systems connected by a maze of spaghetti. Most large banks are now creaking at the seams, with more budget devoted to supporting legacy systems than to innovation. Many banks have core banking systems as much as 40 years old, but these systems are so critical to their operation and so heavily integrated into other systems that they have become near impossible to replace. Doing so has been likened to trying to change the engine on a jet airplane mid-flight.

This does not mean that there is no new banking technology available, or that new entrant banks aren’t basing their operations on the latest technology. Often making significant use of cloud technologies, challenger banks typically see their IT operations as a major source of competitive advantage. At the same time most of the older retail banks are experimenting with newer technology in some of their peripheral operations, but at their heart in their core systems they are still stuck with what they have – that is until now.

Banking in the 21st century

Technology within the financial sector has changed considerably over the last decade. Information technology systems after the dotcom boom (those that survived) evolved into systems that were intertwined with nearly all of the other IT services utilised within each respective organisation. This came with challenges and benefits after the outsource/offshore trend, which caused much confusion for everyone working inside the finance industry, as well as for the regulators. Virtualisation was still in its infancy, with complex infrastructures that were (and in the majority still are) replicated in their entirety to a separate location for contingency purposes. Automation of technology was cumbersome and Application Service Providers (ASPs) were rife, wrestling with coding for crude web presences, coupled with the continued efforts for centralization of IT infrastructure made more difficult by the recent outsourcing trend.

What followed towards the end of the decade were phases of cost cutting and consolidation that were inevitable after 2008 and the financial crisis. It was at this stage of technical evolution within the finance sector that cloud technologies were truly realised. Starting with the easiest of services to untangle, outsourcing had started again, but this time with an educated, experienced head on the shoulders of the incumbent IT departments. Today the financial marketplace is a very different landscape and cloud technologies are common amongst regulated and non-regulated industries. You may have heard the phrase “Omnichannel Approach” on numerous occasions and if you haven’t, you will. In this age of digital transformation all business sectors are being affected, not just finance. It is extremely important to have a consistent approach across all aspects of technology and business. To put this into context, these statistics will speak for themselves:

  • 69% of customers already use the Internet to buy financial products – PWC
  • Mobile banking usage will exceed 1.75 Billion by 2019 representing 32% of the global adult population – Juniper research
  • Nearly 50% of the world’s banks will disappear through the cracks opened by the digital disruption of the industry – BBVA Chairman and CEO Francisco Gonzalez
  • 72% of millennials would be likely to bank with nonfinancial services companies with which they do business (like Google, Amazon), compared to 27% for those over 55 – Accenture
  • The digital transformation is upon us and every industry needs to change!

With the emergence of cloud technologies, the World has never seen such a constantly evolving state of technology as we do today. Just as other industries have changed over the past 5 years including (if you are old enough to remember) the Amazon and Borders struggle where Borders never saw the end coming by the new industry book seller chomping at their heels. The same can be said for many other industries where diversification and strategy go amiss.

However, we do have the benefit of hindsight and thus, armed with the knowledge and understanding of more data analysis than has ever been available in our history, the finance sector can not only stay in the game but ahead of the curve.

There are 3 main focus points to ensure you stay ahead of the curve:

1) Be customer focused and achieve excellent customer service. We are living in the “ME” generation and as such should accommodate the demanding needs of the youth of today, across whatever medium is convenient to them. “The majority of Millennials would rather lose their sense of smell than their technology” – Newscred

2) Make the IT strategy shift to accommodate point 1. The need to change your roadmap of service delivery is essential. Do not think for one minute that the majority of your clients will even pick up the phone to you if they are unhappy; they will not, and will simply move to one of your competitors. “2/3 of contactless payments since October have been through Apple Pay” – Tim Cook, CEO Apple

3) Data is the new currency in this digital age. Banks have amassed huge amounts of data from their clients, use it. “The vast majority of data never gets used. Only 0.5 percent of all data is ever analysed” – MIT Technology Review

So, this leads onto some predictions for Financial Institutions and technology. We have compiled a “TOP 5” list of emerging trends that we believe will be seen over the next 5 years.

TOP 5 EMERGING TRENDS OVER THE NEXT 5 YEARS

1. ANALYTICS EVOLVED

Big Data is not a new concept and financial institutions have been using big data in one form or another via trading systems for years. Employ a data strategy to cultivate the unstructured information you have already. There are many providers and cultivators of the technology and toolset that can be used. You may have heard of IBM Watson, the artificial intelligence computer that back in 2011 made the headlines by beating former “human” winners of the quiz show Jeopardy? This technology is now mainstream and available at a fraction of the cost of developing anywhere near the same results – cloud based!

2. APP DELIVERY

Application delivery of your products and services is key when your clients have used smart devices from the age of 12 years old. Technically speaking we are in a constant change of major IT infrastructure; however, you should be embracing this change as it will also drive down your cost of ownership. Open source technology, once shunned within regulated industries, is now a major driving force within any industry that requires enterprise IT. OpenStack has emerged onto the scene and has many benefits to your organisation for the orchestration and management of resources. There is also a new way of thinking based around container technology (Docker), in which containers in essence share a single operating system (and binaries) for application delivery without the vast amounts of virtual machines that would normally be required. This technology is in its infancy but is definitely one to watch for the near future.

3. INDUSTRY CLOUDS

There is much debate around public, private and hybrid clouds. Rarely do you hear any talk around industry clouds and the massive benefits that they bring. Imagine a cloud-based system that is designed for the financial industry, has the IT governance applied to the infrastructure that meets regulators’ requirements and data sovereignty laws, is resilient and meets all of the check points set out by your governing body, bringing cost synergies of shared implementations of bespoke and expensive vendor infrastructure that is secure. A cloud for your industry, designed by your industry specialists (with the regulators’ input), that allows you to reduce your expensive staff base of unique skills to manage and secure the technical environment, as well as allowing you access to previously unavailable products and services that would have required a large capex. We’re looking at this as a possibility within the next 5 years.

4. FINTECH INVOLVEMENT

Financial institutions have always been trusted with clients’ money. We see another potential trend that has started to emerge: financial institutions offering IT services to accommodate the new currency, data. It would make sense to investigate this business model, just as other industries (tech) have done by offering financial services. We also see financial institutions being more involved, from a venture capitalist perspective, in investing in high-growth tech startups. It also makes sense to assist and guide this new breed of tech firms, courting them at an early stage of development.

5. DRAAS – DISASTER RECOVERY AS A SERVICE

With the emergence of cloud technologies and providers also comes the reliance of governance from said providers. Disaster Recovery is mandatory for regulated financial firms and this will get more important when outsourcing to cloud providers. Specialist disaster recovery/business continuity providers will be emerging into the marketplace with the knowledge and understanding of not just your technology but also your business. This service is of course available today, however with the added security vulnerabilities that go hand in hand with cloud provisioning, specialist providers will undoubtedly emerge.

At FinTech Connect along with our Partners at Compare the Cloud we monitor the level of comment and debate on cloud in every technology and industry segment. While the use of cloud in the financial services sector is increasing all the time, there is still relatively limited comment and debate on cloud within banking. In the table below we highlight some of those that have been most outspoken on this topic in the last few months.

By Diaz Ayub

The Lighter Side Of The Cloud – Selfie Mania

By Christian Mirra

Cloud Adoption: Tips and Considerations

Cloud Adoption

If your organization is currently planning a move to the Cloud, then you will want to know all the details about Cloud Adoption and find out the challenges in the deployment, management and automation phases. Savision recently released two whitepapers written by Microsoft MVP Alessandro Cardoso that are focused on Cloud Adoption from two different perspectives: Business and Technical. The whitepapers provide you with some tips and considerations to keep in mind before, during, and after the process of Cloud Adoption, depending on your role within the organization.

Business Whitepaper – ‘Investing in the Cloud: Assessing IT & Business Requirements’.
Technical Whitepaper – ‘The Technical Challenges of Cloud Adoption’.

To complement the whitepapers, MVP Alessandro Cardoso will host one webinar on each topic. Would you like to know more?

Download the whitepapers and register for the webinars now.

Cyber Breach Much Worse Than Reported

US Government OPM Cyber Breach Much Worse Than Reported

The much publicized breach at the US government Office of Personnel Management (OPM) in May this year was much more serious than initially reported, in terms of the number of people affected, the quality of information breached, as well as the probable cost to American taxpayers.

While the breach was widely publicized shortly after it occurred, these details were revealed in a recent quarterly report released by NTT Group security company Solutionary. Our report published last week outlines the most prevalent types of cyber attack, as well as the most commonly identified forms of malevolent activity worldwide that were contained in the 22-page report. It also drew attention to the fact that more malware attacks occur in the US than in any other country in the world.

The OPM breach is covered in some detail in the second quarter Solutionary report. Ultimately, it states that this government breach won’t just affect people at this point in time, but it will also affect others in future, and is likely to impact on the integrity of any background investigation processes relating to millions of people for the next 10 to 20 years.

OPM is going to have to increase its identity threat protection services, which, according to the report, will cost US taxpayers in excess of $220 million. Furthermore, these services won’t cover every taxpayer.

Extent of the OPM Breach

When the OPM breach was first discovered, the number of people said to be affected was four million. This figure quickly rose to 22 million, though the Solutionary report states this is probably a very misleading figure. The issue is that the records accessed were not only those of government employees, but also included personal data about family members and even friends, and so the number of people affected is likely to be closer to 132 million, and even this could be conservative. However the authors of the report state it will probably never be known just how big the breach was, but it is likely to have been “the biggest loss of private information ever.”

And it’s not just about numbers, but rather the “quality” of data that was accessed. The breach involves 127-page forms that require a huge amount of information, from names, addresses over the last 10 years, schools attended, social security numbers, passport numbers, financial statements and health statements. In a nutshell the information covers what you would expect to find in a combination of bank, employment, medical and school records.

While OPM hasn’t confirmed whether FBI, NSA, and CIA forms were classified or protected sufficiently to have escaped the breach, there is a possibility that they weren’t; and if not, someone with “malevolent intent” could do a lot of damage. Unfortunately, the report states, there is no way to know whether individuals at these government agencies are compromised or not, and it could take 10 to 20 years to find out.

Cost of the OPM Breach

The “real costs” associated with the OPM breach relate primarily to credit protection services the government has offered 4.2 million victims via the identity theft protection company, CSID for 18 months. An additional 22 million people will probably receive similar service – with costs likely to amount to an additional $200 million. High risk, as well as critically and specially sensitive individuals will also have to be vetted again to ensure they are in fact trustworthy. While it is not known how many people will be affected, based on the OPM charge of $4,000 for a “single scope background investigation,” if only 20 percent of the 22 million need to do this, it will cost another $18 million.

These costs don’t include lost services or any costs that could be incurred if or when victims are compromised further at a later stage.

“This may not only be the biggest loss of sensitive information ever, but it may very well ultimately rank near the most expensive,” the report states. Further, since OPM isn’t the US federal government’s largest agency, and since the breach was discovered by accident, if these same levels of control are in place at larger agencies, the potential for similar breaches is very real.

By Penny Swift

Leveraging Carrier Ethernet To Connect To The Cloud

Connecting To The Cloud

Determining the Best Cloud Connectivity Solution

With the Cloud only being as good as employees’ ability to effectively access it, the overall user experience depends highly on enterprise network connectivity. Today, the Internet is the predominant method to connect to Cloud applications services. Internet connectivity is readily available in all markets. The challenge is that larger enterprises are hesitant to move mission-critical applications to the Cloud when delivered via the Internet due to concerns with security, network performance, data governance and regulatory compliance.

Internet Challenges

To date, many companies have used the public Internet as their principal method of connecting to and consuming Cloud application services. While Internet connectivity is well-suited for Web research, email and accessing shared business Software-as-a-Service (SaaS) applications, the Internet is a shared network resource that does not have the performance required for more complex Infrastructure-as-a-Service (IaaS) computing, storage and business-critical applications such as Open Source Software (OSS) and SAP used by large, distributed workforces. Moreover, the public Internet cannot be used for connecting to the Cloud by organizations requiring a more secure connectivity solution to comply with certain regulatory guidelines, such as those the healthcare or financial verticals require.

As Cloud computing proliferates and both connectivity as well as applications grow in complexity and requirements, the industry is seeing a fundamental shift in how enterprises connect to and consume the Cloud. To address some of these early concerns, a more reliable, higher performance connectivity solution is needed to continue the exponential increase of Cloud adoption.

Carrier Ethernet for Cloud Connectivity

Ethernet Private Line (EPL) has become the connectivity technology of choice for enterprises to directly connect to a Private or Public Cloud service provider at a data center. With its unique service attributes, Carrier Ethernet also supports virtual connectivity to multiple Cloud services. Ethernet Virtual Private Line (EVPL) services enable an enterprise to leverage existing connectivity for multiple services.

Overall, Carrier Ethernet is well-suited to make Cloud connectivity simple with:

  • Secure Connections – Connecting to the Cloud via a dedicated, private Ethernet connection ensures increased security, performance and scalability over the shared resources and unpredictability of the public Internet, whether choosing an EPL with a dedicated port or an EVPL service with assigned Quality of Service (QoS) by service type.
  • Predictable QoS – Designed for both business traffic traversing corporate networks as well as data being sent over supplier networks, Carrier Ethernet delivers end-to-end QoS, flexible bandwidth and desired levels of performance due to its ability to prioritize applications, users, or data / traffic flows. The technology supports multiple classes of traffic, including VoIP, videoconferencing, client / server, streaming video, email, FTTP and HTTP, and minimizes latency, jitter, delays and packet loss to ensure more predictable performance.
  • Normalized Last-Mile Delivery – Last-mile connections account for 82 percent of all downtime-related activity, 68 percent of overall network cost and 99 percent of complexity found in the network market today. Carrier Ethernet provides scalable bandwidth and flexibility in the number of technologies that can be leveraged to deliver standardized EPL and EVPL services. A network marketplace aggregates the broadest range of these Ethernet Services to enable the right connectivity to each location.
  • Consistent Implementation Across the Globe – The standardization of Carrier Ethernet led by the Metro Ethernet Forum (MEF) ensures that users can expect the same attributes, management support and service levels globally. This consistency enables simpler, more efficient Cloud connectivity for enterprises with locations all over the world.
  • Ability to Add New Services – Today, large enterprises rarely use just one Cloud service. In fact, different organizations within a global enterprise can use multiple different Cloud software, platforms or infrastructure. Enterprises can leverage EVPL to spin up dedicated, secure and QoS-based connectivity to multiple Cloud services over one reliable shared Ethernet circuit. This saves them the cost of additional Ethernet connections on their equipment.
  • End-to-End Performance – Carrier Ethernet also enables enterprises to gain end-to-end visibility into the performance of these services. The traditional best-effort delivery model is not adequate for Cloud service connectivity. As network traffic increases, congestion and inappropriate data prioritization become issues that can seriously affect traffic flows and delivery. Service providers must guarantee, monitor and manage predetermined quality of service, regardless of traffic levels. Carrier Ethernet services that ensure service level agreements are met under normal and congested conditions require end-to-end visibility across technologies and networks. Network Interface Devices (NIDs) offer visibility into service performance along with improved test and turn-up.
  • Simple Network Design, Pricing, Ordering and Management – By leveraging a marketplace of networks, an efficient and cost-effective platform highlighted in the article: “A Marketplace of Networks: Simplifying Enterprise Cloud Connectivity”, enterprises can connect their entire Cloud ecosystem – from network design to pricing, ordering, service delivery and ongoing management – with one platform, simplifying the service lifecycle.
  • Connectivity to High-Demand Destinations – Network marketplaces have pre-established External Network-to-Network Interfaces (ENNIs) and peering points to Cloud service providers, the Internet and other application service providers leveraging virtual cross-connects over Ethernet to quickly provision and turn-up new services. By creating aggregated connectivity to the Cloud, enterprise customers can directly connect their Cloud services into their Wide Area Network (WAN) environments.

With this in mind, it is clear that Carrier Ethernet is critical to meet the requirements for delivering external Public, Private and Hybrid Cloud services. In subsequent installments of our monthly Cloud connectivity CloudTweaks articles, we’ll further explore the challenges of connecting to Private, Public and multiple Clouds. We will also examine how EVPL provides secure, reliable connectivity to business applications found in multiple Clouds, enabled through the same secure, direct Ethernet connection being leveraged for other enterprise services.

By Mary Stanhope

Controversial Cybersecurity Bill A Threat To Privacy

Controversial Cybersecurity Bill

As the US Senate prepares to vote on the controversial Cybersecurity Information Sharing Act just days before the August recess, the Department of Homeland Security (DHS) has warned that the privacy of US citizens and organizations may be compromised. The DHS has also warned that the proposed legislation might slow down the response to cyber attacks, and therefore be counterproductive.

Additionally, a number of IT firms and privacy advocates are convinced that the proposed legislation will make it much easier for the National Security Agency (NSA) to acquire corporate and personal information that is not related to cybersecurity.

The new cybersecurity bill aims to create incentives that will encourage companies to share information about cyber threats with the federal government, and has generally been welcomed. But potential threats to privacy and other issues could stall implementation of the legislation until next year, because there simply isn’t enough time to debate the issues before the upcoming recess at the end of this week.

Privacy Threats

An active privacy advocate, Senator Al Franken (Democrat) has made public a letter to him from the deputy secretary of the DHS, Alejandro Mayorkas, that indicates that if the bill is passed in its current form, it could undermine the cybersecurity objectives of the nation as a whole. It would also threaten “important privacy protections and civil liberties.”

Senator Bernie Sanders (Democrat), who is running for president, has proposed an amendment to the Cybersecurity Information Sharing Act (CISA) that will establish a group to investigate the implications relating to privacy and how the data gathered might be used. Essentially, he wants transparency for consumers and for government because of the real threat that modern technology poses to the privacy of Americans. His argument is that public policy has been outpaced by technology, and already “a huge amount of information” is being collected about individuals, from where they go to what they do.

Also an active advocate for the individual right to privacy, Sanders voted against the USA Freedom Act earlier this year, because he said it did not safeguard privacy. Amongst other things, the legislation, enacted in June this year, “reformed” the way federal government conducts electronic surveillance, uses trap and trace devices, gathers information for counter-terrorism, foreign intelligence and criminal purposes, and accesses business records.

Two other senators, Dianne Feinstein (Democrat) and Richard Burr (Republican), have also proposed changes to the bill that will limit what government can do with information shared. For example, they say it should only be used for cybersecurity purposes and not to prosecute criminals, even in the case of “serious violent felonies.”

Calls to Pass the Bill Immediately

This is the third time a cybersecurity bill of this type has been presented to the Senate. To prevent it being stalled a third time, the US Chamber of Commerce – a very influential body – has urged “every member” to pass the Cybersecurity Information Sharing Act of 2015 immediately. When the bill was approved by the Senate’s Intelligence Committee in March this year there was only one vote against it – that of Senator Ron Wyden (Democrat) who continues to push for amendments before it becomes law.

Mitch McConnell, Senate Majority Leader (Republican) has also urged senators to pass the bill immediately.

If the bill is passed this week, it will still need to be “reconciled” with the cybersecurity bill passed by the House of Representatives in April. Only then can it be sent to President Barack Obama for signing into law.

By Penny Swift
