Digital Discourse / Software Events / Cloud/Gov

Tech Policy Forecast for Remainder of 2011

August 10, 2011 By

With most of the policy activity in Washington quieting down during the August congressional recess, we thought it would be a good time to look forward and provide an update of the activity we anticipate on many of the key policy issues affecting the software and information industries.  As we’ve reported in the past, we expect a flurry of activity on several issues, from patent reform to data security.

Intellectual Property
Patent reform sits atop the agenda when the Senate returns in September.  Prior to adjourning for August recess, Sen. Majority Leader Harry Reid (D-NV) filed cloture on the motion to proceed to H.R. 1249, the Patent Reform bill passed by the House of Representatives in June. The Senate will consider the cloture motion on Tuesday Sept. 6, and the legislation is expected to be voted on later that week.  Indications are that several amendments could be considered, including a likely attempt to revisit the funding allocations provided in the House bill.  This looks to be yet another significant step towards enactment of patent reform, but any changes to the legislation would require it to go back to the House again.

September also looks like it could be a big month for rogue website legislation (aka PROTECT IP Act).   SIIA and supporters will continue to push throughout the recess for a Senate vote on the legislation in the near future.  While in the House, we anticipate the House IP Subcommittee rogue website legislation to be introduced and considered in the first few weeks of September.  The House bill is likely to be somewhat broader in scope than its Senate counterpart.

Cybersecurity
Despite the heavy focus on cybersecurity in the first half of this year, there are still many outstanding issues and a general lack of bipartisan consensus on the path forward.  And while there is no shortage of legislative proposals, including major comprehensive proposals from the White House and two major Senate committees, there many key issues remain unresolved.  That said, it’s likely that progress will continue.  The House Republican Cybersecurity Task Force is scheduled to make a recommendation in the fall, and the Commerce Department is hoping to finalize a white paper reflecting revisions to their recent Green Paper on the “Internet, Information and Innovation Sector (I3S)”.  But it’s still unclear how the Senate will proceed, and whether the effort led by Majority Leader Reid to draft comprehensive legislation will be introduced by the end of the year.

But what is clear is the desire to by some to advance legislation establishing a national framework for data security and data breach notification.  The House Commerce Committee is hoping to consider the SAFE Data Act in early September, what will be a modified version of the legislation that passed out of the Commerce Sbcmte. in July.  Given the strong bipartisan support federal legislation on this issue, it’s one of the areas where the opportunity for advancement is greatest.  That said, there are still fundamental disagreements over such key issues as the definition of personal information, and the details of notification requirements, among others.

Cloud Computing
All eyes remain on the EU, as the cloud consultation is ongoing and comments are being collected until the end of August. The Administration is the other key center of focus, with cloud champion Vivek Kundra stepping down and Steven VanRoekel taking the helm.  The ongoing efforts led by NIST to develop a Federal Cloud Computing Roadmap and accelerate the adoption of key standards are still on track for release this fall.  And indications are that FedRAMP is moving forward and further details will be made available in early September, with the Program launched in later this year. While all this adds up to continued progress within the Administration to implement the Cloud First Initiative, the incredibly tight fiscal environment will also be a factor, quite possibly in providing a greater incentive to look to the cloud for cost savings. As for the lack of cloud computing legislation being introduced yet, it seems that our efforts in warning policymakers about the potential harm of this approach have been effective thus far.

Education Technology
Reauthorization of the No Child Left Behind Act, now nearly a decade old remains at the top of the education policy agenda. While the House Ed & Labor Cmte. has approved 3 related bills, none have yet to go before the full House; and the Senate bipartisan working group has yet to yield agreement.  In terms of crystal ball gazing, amendments to the law seem unlikely before the election. As a result, the Obama Administration has just announced its plans to provide state waivers, with rules expected to be issued in September.  Meanwhile, on the appropriations front, the outlook is for cuts across the board due to the debt reduction efforts.  On both fronts, SIIA continues to advocate for programs, uses of funds, regulations and funding to support learning technologies and related training.

Privacy
An issue that dominated the high-tech policy headlines for much of the first half of the year, the days leading up to the recess were quiet on the privacy front – relatively speaking.  More than a dozen bills have been introduced and many are awaiting action, and two key papers are expected to be released by the Administration this fall, the Commerce-led white paper, and one from the FTC.  Additionally, issues associated with mobile privacy, so called “location tracking,” gained a lot of attention by policymakers over the last several months, and this issue further complicates an already challenged agenda to increase regulations in this area.  Overall, while the likelihood of any new laws or regulations on the privacy front are not terribly high, the policy focus on privacy should be heavy again through the end of the year, and much of the debate will set the stage for 2012.

So those are the highlights of what you can expect for the remaining four months of 2011; it looks pretty busy!

For SIIA policy updates including upcoming events, news and analysis, subscribe to SIIA’s weekly policy email newsletter, Digital Policy Roundup.

Share|
Filed Under: Anti-Piracy, Cloud/Gov, Digital Policy Roundup, Policy, Software

SIIA releases guide to cloud computing for policy makers

July 26, 2011 By

Today, SIIA released an authoritative guide to cloud computing for policymakers. The white paper provides a roadmap for fostering the development of the cloud and harnessing its full economic potential.

Cloud computing doesn’t require legislation or regulation in order to safely and rapidly grow. In fact, cloud-specific regulations could impede the industry from realizing its full potential as a key economic engine. Policymakers should join with industry to foster best practices and see that they are properly enforced.

Cloud computing already provides a favorable environment for applying many security measures, it provides a strong engine for growth across businesses and regions around the world, and it can lead to greater choice and lower prices for consumers. SIIA encourages policymakers to promote open standards for software and data interoperability and embrace a global approach that allows for the unrestricted transfer of data across borders.

In order to reap the full economic benefits of cloud computing, policymakers should:

1. Avoid cloud-specific rules and policies, in favor of policies that apply broadly to a wide range of technologies and services, and those that maintain a level playing field for cloud computing and all approaches to remote computing and data storage.

2. Promote open standards for software and data interoperability and avoid policies that would favor one particular business model or technology over another.

3. Promote policies that allow to the greatest extent possible, unrestricted transfer of data across borders.

4. Encourage rules governing data to travel with the data in order to adequately recognize varying jurisdictional requirements, and ensure data subjects do not lose protection when their data is stored and processed in the cloud, or in any remote computing environment.

5. Avoid localization mandates, or any policies that would give preference to data processors using only local facilities or operating locally.

6. Seek interoperable privacy regimes in which countries recognize each other’s privacy rules to the greatest extent possible.

7. Embrace a global approach to cybersecurity that recognizes the global nature of interconnected systems and provides for data to be protected regardless of where it is located, and that seeks international consensus standards that avoid fragmented, unpredictable national requirements.

View the full report, or get the highlights in the executive summary.

Check out coverage in Post Tech and PC World.

Share|
Filed Under: All About the Cloud, Cloud Computing, Cloud/Gov, Policy, Policy - Cloud Computing, PSIG, Software, Software Events Tagged With: , ,

Debunking the Myths of Cloud Computing: Cloud Computing Is not Secure

June 21, 2011 By

Cloud computing myth #1: “It isn’t secure”

In fact, cloud computing can deliver greater security at lower cost. As the Obama Administration recently said, “Cloud computing can reduce costs, increase security, and help the government take advantage of the latest private-sector innovations.” So why does the myth persist?

In cloud computing, a provider houses and processes the data outside of the facilities and administrative control of the enterprise that owns it. Contractual arrangements and guarantees have to substitute for institutional security measures. This puts a premium on the proper selection of the cloud provider, and that can be scary.

But finding the right cloud provider doesn’t create inherently greater security risks. In fact, storing and processing data in the cloud can increase information security, reduce risks of unauthorized access, and save information security resources.

It is true that storing information in a central place creates a greater incentive for hackers–Willie Sutton robbed banks because that’s where the money was. The more money in the bank vault, the more interested Willie would be. The same is true of information gold: large concentrations of valuable information attract thieves.

But precisely for that reason providers of large data centers take extra precautions. For private clouds, there is really no difference between a large amount of data stored on premises and the same amount stored in a remote facility. They both have to be protected and the safeguards are largely the same. In a public cloud where data from several customers are combined in the same facility, special administrative and physical controls are used to provide adequate protection.

The advantage of centralized data storage is economies of scale, as Darrell West pointed out at a recent Brookings Institution event on cybersecurity. The combined nature of computing resources in the cloud enables providers to enhance such key security techniques as prediction and detection of threats, and to provide for quick remediation through streamlined installation of solutions. A small company cannot afford to hire the best security experts or keep up with the latest and most expensive control technology. But a large data center can. For this reason, cloud storage for smaller companies is more secure than local storage.

There’s no question that providers of multi-tenant cloud architectures must take special precautions. But that is true in many industries. To meet the special needs of the payment card industry, the card networks developed the Payment Card Industry Data Security Standard (PCI DSS), which put in place specific requirements for those who store process or transmit cardholder data. The same can take place in the cloud industry pursuant to a variety of information security initiatives.

Some have thought that special security needs for an industry should mean special security laws for that industry. But that is a mistake. The payment card industry developed PCI DSS autonomously – with no involvement of regulators or legislators. Moreover, regulators should not be mandating specific standards because it can freeze innovation where it is needed most–in developing new techniques to protect data. For this reason, special security laws applicable only to the cloud environment are not necessary.

Can the cloud be new and scary from the point of view of information security? Yes. But it is important to locate the true source of the fears. It is not an intrinsic riskiness of the cloud environment. The cloud is as safe as or safer than on-premises computing. The real concern should be finding the right provider who can deliver the increased security that the cloud makes possible. The industry needs to develop mechanisms that can help cloud customers make this decision with a greater sense of confidence.

Share|
Filed Under: All About the Cloud, Cloud Computing, Cloud/Gov, Government, Policy, Policy - Cloud Computing, PSIG, Software, Software Events Tagged With: , ,

Member video: Cloud First: Taking a centralized approach to service delivery

March 14, 2011 By

Bobbie Browning, SVP at GovDelivery gives her perspective on cloud computing at the 2011 SIIA Cloud/Gov conference in Washington DC. More info and conference media:

Share|
Filed Under: Cloud Computing, Cloud/Gov, Events, Government, Software, Software Events Tagged With: , , , ,

Member video: Cloud 2, The next phase of cloud computing

March 10, 2011 By

Dan Burton, SVP, Global Public Policy at salesforce.com gives his perspective on cloud computing at the 2011 SIIA Cloud/Gov conference in Washington DC. More info and conference media: http://www.siia.net/cloudgov

Share|
Filed Under: Cloud Computing, Cloud/Gov, Events, Government, Software, Software Events Tagged With: , , ,

Member video: Google Apps, the cloud file server

March 9, 2011 By

Gil Zimmerman, CEO & Co-Founder, Aprigo gives his perspective on cloud computing at the 2011 SIIA Cloud/Gov conference in Washington DC. More info and conference media: http://www.siia.net/cloudgov

Share|
Filed Under: Cloud Computing, Cloud/Gov, Events, Government, Software, Software Events Tagged With: , , ,

Member video: How can cloud computing benefit the Federal Government?

March 8, 2011 By

Kevin Paschuck, VP, Public Sector at RightNow Technologies offers his perspective on cloud computing at the 2011 SIIA CloudGov conference in Washington, DC.

Share|
Filed Under: Cloud Computing, Cloud/Gov, Events, Government, Policy, Policy - Cloud Computing, Software, Software Events Tagged With: , , ,
« Older Posts
Newer Posts »