Digital Discourse / Archives for Security

Webinar – Critical Success Factors for an Enterprise Mobile Strategy

December 12, 2012 By

Webinar Description

Organizations must fully develop an enterprise mobile strategy that considers both employee and customer facing aspects of today’s continually expanding use of mobile technologies. It is important to consider the customer experience as they launch new products, services, and applications. Grant Thornton LLP brings the perspective of working with both ISVs and the consumers of their products in a business advisory capacity. This recorded webcast focuses on several key aspects of an enterprise strategy:

  • Key criteria for an Enterprise Mobile Strategy
  • Application architecture- Is it ready for mobile
  • Planning for BYOD within the enterprise
  • Deployment interface
  • Importance of security

Click here to download the slides.

Presenters
Tony Hernandez, Principal, Business Advisory Services, Grant Thornton LLP
Mike Barba, Manager, Business Advisory Services, Grant Thornton LLP

Share|
Filed Under: All About the Cloud, Mobility, Software Tagged With: , ,

SIIA, Industry Gather at White House to Pledge Leadership Role in Stopping Botnets

May 30, 2012 By

At a White House event today, the Software & Information Industry Association (SIIA) expressed a commitment to working with the Administration to address the growing dangers posed by botnets. SIIA is part of a multi-industry group that today announced its Principles for Voluntary Efforts to Reduce the Impact of Botnets in Cyberspace. SIIA President Ken Wasch and representatives of other industry groups were joined by Cybersecurity Coordinator Howard Schmidt, Secretary of Homeland Security Janet Napolitano, other administration officials and industry leaders including Michael DeCeasare CEO of McAfee.

As the leading organization representing software and digital media companies, SIIA and its members are at the forefront of the fight against botnets and other forms of Internet security threats. For example, McAfee provides a suite of tools for consumers and businesses to keep their systems free of infections and to remove malware and botnets from their infected systems. And Google recently launched a notification effort for users of computers and routers infected with the DNSChanger malware.

SIIA is committed to addressing botnet security threats by working collaboratively with the government and by promoting the work of our members. It is vital that industry and government work together to ensure that public policy encourages private sector innovation and flexibility. After all, it is the products and tools produced by companies such as McAfee and Google that are empowering consumers and businesses to fight Internet security threats.

To that aim, SIIA is part of the Industry Botnet Group (“IBG”), which was formed earlier this year to collaborate on and encourage voluntary efforts to reduce the effectiveness of botnets. Botnets infect computers, threatening the trust and confidence of online users and undermining the efficiencies and economic growth spurred by the Internet. The IBG’s principles call on Internet participants to coordinate and communicate with each other and voluntarily work to fight the effectiveness of botnets across the botnet lifecycle. More information is available at www.industrybotnetgroup.org.

Ken WaschKen Wasch is President of SIIA.

Share|
Filed Under: Government, Policy, Policy - Cybersecurity, Security, Software Tagged With: , ,

Mobile Payments Get Currency

April 25, 2012 By

The FTC is looking at mobile payments this Thursday, an event that caps several weeks of intense attention to this innovative new technology by policymakers. In March the House Financial Services Committee and the Senate Banking Committee held hearings. And the Internet Caucus held a Congressional briefing, which I chaired.

Several years ago a study by ITIF highlighted mobile payment’s opportunities for efficiencies, growth and innovation. It wondered why it hadn’t taken off in the US, the way it had in other jurisdictions such as Japan and Korea. Since then Square, Intuit, Google, ISIS, PayPal have all ramped up their efforts to bring the new service to consumers and retailers in an attractive easy to use package. The majority of Americans will be embracing mobile payments by 2020, a Pew Internet study found last week.

The benefits are enormous. Mobile payment technology means faster checkout, more through put for merchants, the opportunity to send and receive offers and promotions, greater security, and a platform for new innovative services that haven’t been created yet.

It is worth pausing on the benefits of increased security. Unlike traditional magnetic stripe payment card transactions, mobile payments use a different security code for each transaction. Even if the transaction data is compromised, it cannot be used to make a counterfeit card that would work at the point of sale. This takes the merchant system out of harm’s way and reduces risk to cardholders. Mobile payments implemented on a smartphone can also be protected by a password or PIN number, adding barriers to illicit use of a lost or stolen phone. If asked to choose based on security, shoppers would be smart to use mobile payments over traditional cards.

Some have suggested that mobile payments create increased privacy risks because new information would be available to new players. But these risks are speculative and are being addressed in advance by market players who design their systems to be privacy-protective. They know that the market will only work on the basis of trust, careful handling of personal information, and a compelling user experience.

Mobile payment providers collect location information from their users, but only with affirmative consent. Product specific information isn’t collected at all and so cannot be added to a consumer profile to target ads. Cell phone and email information are available to mobile payment service providers at the time of sign up, but are not transferred to third parties such as retailers. Mobile payment services are savvy enough to avoid the mistake of allowing secret, undesirable acquisition of contact information by third parties. Under the Google Wallet rules, for example, contact information could not be disclosed to a retailer for marketing or advertising purposes without affirmative consent.

The privacy default for mobile payments is that consent is needed for any sharing of consumers’ personal information for marketing purposes. Industry participants have set up their systems with this requirement for consent as the default. This privacy-by-default approach renders concerns about privacy violations more theoretical than real. Mobile payment users can feel confident that they can enjoy the conveniences and added security and usefulness of mobile payments without worrying about privacy violations.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

Share|
Filed Under: All About Mobile, Government, Mobility, Policy, Policy - Cybersecurity, Policy - Privacy, Software, Software Events Tagged With: , , ,

Congress: Let’s Battle Cyber Crime Together

December 1, 2011 By

Cyber threats are more sophisticated and targeted than ever and are growing at an unprecedented rate–and it makes sense that Congress is paying more attention to such a significant issue.

Today, the House Small Business Committee held a cyber hearing on protecting small businesses, where Phyllis Schneck, Vice President for McAfee, Inc., testified on behalf of SIIA. And yesterday, Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) unveiled new bipartisan cyber security legislation to provide the government “the authority to share classified cyber threat information on potential attacks with approved American companies.”

There’s no doubt that American companies need help dealing with cyber crime. McAfee Labs finds, for example, that both malicious URLs and malware have grown almost six-fold in the last two years, and that 2010 saw more new malware than all previous years combined. Likewise, cyber crime perpetrators have evolved from simple, low-budget, hackers into well-financed criminal operations that contribute to a multi-million dollar cyber crime industry.

But Congress must be careful to allow companies to attack cyber crime head-on, without limiting their ability to innovate and grow.

There are two schools of thought on government’s role in achieving a desired outcome:  one that posits that regulatory mandates are the best way to incent good behavior (in this case, strong cyber security measures); and, alternatively, one that asserts that positive outcomes are best achieved via positive incentives.  

The heavily regulatory approach would not necessarily make organizations more secure – just more compliant. And it would dampen innovation too. On the other hand, positive incentives have a higher probability of success in two ways: a higher chance of better actual outcomes, and a higher probability of producing legislative success.  The private sector responds to incentives, and aligning the interests of the private sector with the outcomes that are in the national interest makes sense. Doing so could also provide rare proof that the phrase “win-win” is not always a cliché. 

Postive incentives are clearly the most effective way to drive higher levels of trust and actual cooperation between the private sector and government – vital things needed to produce real success.

Learn more about today’s testimony on McAfee’s blog.

Laura Greenback is Communications Director at SIIA.

Share|
Filed Under: Policy, Policy - Cybersecurity Tagged With: , , ,

FTC urges tweaks to COPPA, Senate still pressing data security and NIST Building Cloud Roadmap

September 20, 2011 By

Big news on the privacy front last week, on Thursday the FTC issued its long awaited proposal to revise COPPA (the Children’s Online Privacy Protection Act). The proposed amendments pose some significant challenges, including expanding the type of data covered by COPPA, including geolocation information and other “persistent identifiers” such as cookies for behavioral advertising. The amendments would also revise the means by which companies must notify parents and put in place new security measures to protect kids’ sensitive information. SIIA is reviewing, and comments on the proposed amendments are due Nov. 28th.

Also last week, the Senate Judiciary Committee was unable to advance any of the privacy/data security bills at its markup on Thursday due to a lack of Republican members to constitute a quorum. And the exchange between Chairman Leahy (D-VT) and Ranking Member Grassley (R-IA) revealed considerable concerns from the Republican side of the Committee that the bills present too great a new regulatory burden on businesses. The bills (S. 1151, S. 1408 and S. 1535) are again scheduled for consideration this Thursday. And not to fall behind Judiciary, Commerce Cmte. Chair Rockefeller (D-WV) scheduled–but then quickly postponed–consideration of his rival legislation, the Data security Breach Notification Act (S. 1207).

With cloud computing generating a lot of buzz in Washington recently, a couple very significant developments went little noticed. That is, NIST recently released two more key guidance documents aimed at accelerating the U.S. Government adoption of cloud computing. One is the Draft Reference Architecture, and the other the Draft Standards Roadmap. Both documents are key elements of the broad Cloud Computing Roadmap to be released in early November, seeking to provide key guidance to Federal agencies in their effort to implement the Administration’s Cloud First Policy.

Finally patent reform is officially in the books–the U.S. code, that is. On Friday, President Obama signed and officially enacted the America Invents Act (H.R. 1249, PL 112-29).

Share|
Filed Under: Digital Policy Roundup, Policy Tagged With: , , , ,

SIIA releases guide to cloud computing for policy makers

July 26, 2011 By

Today, SIIA released an authoritative guide to cloud computing for policymakers. The white paper provides a roadmap for fostering the development of the cloud and harnessing its full economic potential.

Cloud computing doesn’t require legislation or regulation in order to safely and rapidly grow. In fact, cloud-specific regulations could impede the industry from realizing its full potential as a key economic engine. Policymakers should join with industry to foster best practices and see that they are properly enforced.

Cloud computing already provides a favorable environment for applying many security measures, it provides a strong engine for growth across businesses and regions around the world, and it can lead to greater choice and lower prices for consumers. SIIA encourages policymakers to promote open standards for software and data interoperability and embrace a global approach that allows for the unrestricted transfer of data across borders.

In order to reap the full economic benefits of cloud computing, policymakers should:

1. Avoid cloud-specific rules and policies, in favor of policies that apply broadly to a wide range of technologies and services, and those that maintain a level playing field for cloud computing and all approaches to remote computing and data storage.

2. Promote open standards for software and data interoperability and avoid policies that would favor one particular business model or technology over another.

3. Promote policies that allow to the greatest extent possible, unrestricted transfer of data across borders.

4. Encourage rules governing data to travel with the data in order to adequately recognize varying jurisdictional requirements, and ensure data subjects do not lose protection when their data is stored and processed in the cloud, or in any remote computing environment.

5. Avoid localization mandates, or any policies that would give preference to data processors using only local facilities or operating locally.

6. Seek interoperable privacy regimes in which countries recognize each other’s privacy rules to the greatest extent possible.

7. Embrace a global approach to cybersecurity that recognizes the global nature of interconnected systems and provides for data to be protected regardless of where it is located, and that seeks international consensus standards that avoid fragmented, unpredictable national requirements.

View the full report, or get the highlights in the executive summary.

Check out coverage in Post Tech and PC World.

Share|
Filed Under: All About the Cloud, Cloud Computing, Cloud/Gov, Policy, Policy - Cloud Computing, PSIG, Software, Software Events Tagged With: , ,

Deluge of Privacy and Security Bills in Washington, Plus ICANN

June 21, 2011 By

In case you thought there was already too many privacy and data security bills in the U.S. Congress, several more were introduced last week. Notably, Senators Al Franken (D-MN) and Dick Blumenthal (D-CT) introduced the “Location Privacy Protection Act,” Representative Jason Chaffetz (R-UT) and Senator Ron Wyden (D-OR) introduced their “Geolocation Privacy and Surveillance (GPS) Act,” and on the data security front, Commerce Chairman Rockefeller (D-WV) and Mark Pryor (D-AR) introduced the “Data Security Breach Notification Act.”

At the same time, one of the bills receiving the most attention hasn’t yet been formally introduced.  That is, Mary Bono Mack’s draft “SAFE Data Act” was the subject of a Subcommittee legislative hearing last week, and the Chairwoman has made clear her intentions to move forward to markup the legislation in the near future.

SIIA is currently assessing the long list of proposals, and the outlook in Congress for the remainder of 2011.  Even more now, there is considerable jurisdictional wrangling among the key Committees of jurisdiction on these issues, which could lead to more smoke than fire for the remainder of 2011.  Regardless of how this plays out, SIIA will continue to work with members and policymakers as they explore the need for new laws and regulations regarding the collection and protection of personal information.

On the patent reform front, as reported last week, it’s still expected that the legislation will be voted on by the House this week.  As of Tuesday a.m., House leadership was reportedly hammering-out some of the remaining key details regarding the controversial issue of PTO fee retention and future funding.  That vote is expected to occur later this week. Stay tuned.

As expected, yesterday the Board of Directors of ICANN approved a proposal to add hundreds and possibly thousands of new generic top level domains (gTLDs) to the Internet. The proposal has been years in the making, and the 400-page Draft Applicant Guidebook that describes it has undergone seven major revisions. SIIA believes that the decision to approve the Guidebook represents a significant threat to copyright owners. Intellectual property owners will need to familiarize themselves quickly with the Rights Protection Mechanisms in the gTLD Applicant Guidebook, and expend even more resources and time in enforcing their rights against cybersquatters and infringers.

Share|
Filed Under: Digital Policy Roundup, Policy Tagged With: , , , , , , ,
« Older Posts