Microsoft is lobbying Congress to pass something they call the Cloud Computing Advancement Act. It would modify three areas of internet policy related to privacy, security and international issues. I'm not sure how I feel about this. Depending on the specified language involved, this could be a good or bad thing.
Whether it's an oil refiner, automobile manufacturer or software development company, when private entities involve themselves in public policy, there's always a danger of self-interest overwhelming public interest. Technically, Microsoft is a public company, due to its publicly-traded status, but it begs the question; who are they really trying to protect?
If and when I see the actual language of this proposed Act, I might be able to give an opinion on that. In the meantime, I'll give them the benefit of the doubt. After all, sometimes private and public interests dovetail. Maybe what's good for Microsoft in this instance is also good for the rest of us.
The Cybersecurity Enhancement Act of 2009 (HR 4061), introduced by the federal House Science and Technology Committee, passed February 4th. Its stated purpose: "To advance cybersecurity research, development, and technical standards, and for other purposes."
What does it mean? Essentially that the government will spend $396 million over the next four years to encourage cybersecurity best practices and standards.
Senate Bill S.773, the Cybersecurity Act of 2009, is Senator John Rockefeller's version, but isn't as far along.
Person1: Did you set up a password for the system?
Person2: I sure did. It's "Cabaret+FiddlerontheRoof+Camelot+Sacramento"
Person1: What kind of a crazy password is that?!?!?!
Person2: Well, the network administrator said it should include at least three numbers and one capital!
But seriously, folks…check out this great article from the New York Times on the sad state of affairs of passwords. 123456? Do you want people to steal all of your stuff???
If you read my fellow e-discovery bloggers (and I hope you do), they’ve posted a lot on cloud computing lately – and for good reason.
A few weeks ago, I wrote about the risks of ‘off-site’ data management. I didn’t refer to it as cloud computing because I was taking a macro view, including items such as off-site media storage and disaster-recovery services.
I happened to come across this article about the subject in the Washington Post, and I really liked their ‘what if’ approach. Anyone who reads my posts knows that I promote “healthy paranoia”. I’m always warning about the ‘what-ifs’. Don’t be too critical of me, though. I come by it honestly since it’s my job to be paranoid for my clients. They pay me to anticipate what could go wrong – not what could go right.
As I constantly tell people, you don’t need a lock on your front door until the day someone tries to break in. But then again, if you live your life in its entirety this way, then I guess you don’t insure your car, either, because you won’t need it until you get into an accident.
Security has to play a major role in any e-discovery plan, especially one that will rely on ‘others’. Better you should be on ‘Cloud 9’ than walking in the rain…
NOTE TO MY READERS: I will be out of state next week working on a case. I don’t think there will be an opportunity to post, so please bear with me. I’ll try to get something up as soon as I’m able.
There’s nothing to add to this story. Apparently, blueprints and other information about the Presidential helicopter, Marine One, were snatched from a defense contractor’s supposedly-secure computer system by someone with an Iranian IP address. How secure is your data?