It’s been quite some time since I’ve written about Cloud Privacy specifically. Wow, 2011? Really! Anyway, the IAPP and CSA deemed fit to hold a joint conference that brought the concepts of cloud and privacy front and center. If you’d like to learn more, head on over to the Collaborista Blog where I share some of the insights I learned. Here is a preview
Last week I attended a joint conference of the International Association of Privacy Professionals (IAPP)
and the Cloud Security Alliance(CSA) in San Jose, California. Cobranded as the Privacy Academy/CSA Congress, the joint conference recognized the increasing importance and interdependence of the two disciplines, cloud security and privacy. The barely three day event was filled with nearly 100sessions, including six keynote speakers and nine preconference workshops. Choosing which sessions to attend was almost as hard as defending the cloud from cyber-attacks; there were just too many interesting topics.- See more at: http://blogs.intralinks.com/collaborista/2014/09/cloud-security-privacy-get-married-san-jose/#sthash.DT5ZoCni.dpuf
As soon as I have some space time, I’ll be devoting a lengthy blog here to the problem of collective action in cloud contracting and its impact on security and privacy.
In my last blog post, I discussed the importance of location in data protection. Not physical location but rather legal, political and logical location — which will be the driving factors of data storage in the coming years.
A mere three days after my previous post, a Federal judge upheld the validity of a warrant to Microsoft for email stored by its Irish subsidiary. Microsoft has vowed to continue its fight to protect the privacy of its users from extraterritorial demands. But the ruling….. read the rest of post at the CollaboristaBlog.
For years, I was a big fan of Google. It just had some awesome services and generally seemed to be a good company but I’ve lost most faith. It’s too big, too all consuming, too powerful and ultimately too Evil. I’ve been SLOWLY moving away from Google for the past 2 years but it’s been a slow migration. I have most of my business mail now going to @privacymaverick, @enterprivacy and @rjcesq.com emails. I still need to get my personal mail off Gmail. Also last year, I moved this blog as well as a few others off blogger.com. I’ve never really used G+ though my email does have an account that I keep having problems as a result of. (Don’t get me started about it).
I still have many other services that I need to extract myself from. Luckily Google isn’t evil in letting people leave. I still need to get off Calendar and Docs. However, the biggest challenge is going to be Android. I certainly don’t want to go to Apple. I hate the closed ecosystem they represent. Windows phone perhaps? How is Firefox OS doing?
On another completely unrelated note, over at Enterprivacy Consulting Group‘s blog, I talk about the lessons from Snapchat and the perils of investing in technology without considering privacy.
As many others have pointed out, cloud computing is really nothing new. Before it was called cloud computing, application service providers (ASPs) provided software not as a downloadable product but as an online service. Really, what has changed is the acceleration of software (or infrastructure, data or platforms) as a much more modular and turnkey service. Service providers have minified the transaction costs of software (or hardware). Whereas before purchasing new or additional services took time and effort (i.e. transaction costs) on the part of both the seller and buyer, now it can be requisitioned and provisioned with a few clicks of a mouse, the so-called utility model; one just increases demand by adding more consuming devices and the utility provides.
However, shrinking transaction costs for efficiency means that there is no longer room for substantial negotiations between provider and consumer. This leads to a gap in the needs of the consumer for certain protections (e-discovery, retention, security, privacy etc) and the desires of the provider to limit liability and provide a one size fits all service. Bigger clients, which may command attention and have some bargaining power, make it more difficult for service providers to provide a simple cheap service because of the need for negotiation. I’m suggesting the end result is probably a stratification of service providers in differing industries (or geographically) in order to limit the need for negotiation with clients who have differing needs.
Privacy provacateur by day, distributed network promoter by night.