We’re proud to be featured in the Fairfield County Business Journal. Our practice is tech-focused and reality-driven, and above all we embrace that legal is here to deliver solutions and recommendations, not roadblocks. Our firm works throughout CT and NYC and is constantly developing new approaches to meet your legal needs. Westport attorney takes a legal […]
Category: Cloud Computing
New Cloud Computing Guidance From Health & Human Services’ OCR
The digital world has migrated to the Cloud, on both personal and business levels. But for “covered entities” and “business associates” subject to the Health Insurance Portability and Accountability Act regime, better known by the moniker of “HIPAA”, many CEs and BAs must often determine how (and whether) they can take advantage of cloud computing while […]
1+ Billion Records Exposed So Far in 2016
With Labor Day over and summer now fading into memory, it’s the perfect time to take a fresh look at your data and information security, privacy and compliance postures. And to review fresh lessons from what 2016 has served up as to data breaches and incidents in the first six months. Background Earlier this year, […]
Ready to Revisit Your Cloud Contracts? FedRAMP is Ramping Up With Three Public Webinars
Those who follow cloud computing on the federal level know the Federal Risk and Authorization Management Program (“FedRAMP”) is tasked with developing a “government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.” We expect FedRAMP to have a broader ripple effect for corporate cloud contracting, […]
Procurement Takeaways of the Intersection of Cloud Computing and Mobility
The National Institute of Standards and Technology (“NIST”) held a two and a half day workshop last week, March 25-27, entitled The Intersection of Cloud and Mobility, to brainstorm on the issues, problems and realities of a world where “low-end mobile devices access diverse and scalable cloud computing resources and globally connected mobile enabled resources […]
What the Walking Dead Can Teach Us About Vendor Agreements
As fans of the AMC hit series, The Walking Dead, last night’s mid-season premiere drove home that the show is fundamentally an examination of basic morality. And contract law. And the vital importance of “vetting” third-party contractors. Think we’re stretching things? Read on… for what the Walking Dead teaches about your vendor agreements and dealing […]
NIST Releases Cloud Computing “Security Reference Architecture” (SP 500-299) for Public Comment
The National Institute of Standards and Technology (“NIST”) loves its “Special Publications” the way IRS agents love new tax forms. NIST’s SP’s, however, are much more useful, and its latest Special Publication release in draft form for public comment, SP 500-299 “Cloud Computing Security Reference Architecture” introduces NIST’s Cloud Computing Security Reference Architecture (“SRA”) as […]
Lessons From When Cyber Security Meets Physical Security
Data security and what qualifies as “reasonable” security is on everyone’s mind these days – at least if you’re involved in IT, or responsible for addressing any aspect of the “GRC” troika of governance, risk management and compliance issues. Sometimes overlooked on the cyber side, however, is the interaction of cyber with real world, physical […]
Ponemon Study on Patient Privacy Highlights Security Failings
Released today, the Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security (available at http://www2.idexpertscorp.com/ponemon2012/) starkly highlights the continued serious challenges faced by healthcare organizations in adequately safeguarding protected health information (“PHI”). As the study notes straight out of the gate “the threats to healthcare organizations have become increasingly more difficult to […]
NIST Releases Public Draft SP800-53 Addressing Cybersecurity Threats & Privacy Controls
Yesterday the National Institute of Standards and Technology (NIST) released the 4th iteration of what will ultimately be a mainstay document for federal agencies required to comply with provisions of the Federal Information Security Management Act (FISMA) and FIPS 200. As a result it should have a significant effect on federal cloud security practices that […]
NIST Issues Finalized Guidelines for Managing Security & Privacy in Public Cloud Computing
Say what you will about the federal government, the Nat’l Institute of Standards & Technology (“NIST”), part of the Department of Commerce, has certainly been busy over the past year releasing numerous special drafts and reports addressing cloud computing recommendations, security and issues. [Full disclosure: I’m a member of several NIST working groups, including one currently working […]
Cloud Security, Data Breaches and the CFAA
Attorney Rich Santalesa provided commentary for a Business Insurance article titled, “Managing Cloud Computing Security Requires Planning” available at http://www.businessinsurance.com/article/20120115/NEWS07/301159998#full_story. And Santalesa comments again in an Information Week article dealing with a CFAA-related sentencing: “Patient Data Theft Sends IT Specialist To Jail” available at http://www.informationweek.com/news/healthcare/security-privacy/232400459
Contracting for Cloud Computing Services
The Knowledge Group/The Knowledge Congress Live Webcast Series, a leading producer of regulatory focused webcasts, has announced that attorney, Richard Santalesa, will be speaking at the Knowledge Congress’ webcast entitled: “Contracting for Cloud Computing Services: What You Need to Know” scheduled for February 14, 2012 from 12:00 PM to 2:00 PM ET. For more details […]
Definition of Cloud Computing – NIST Releases Final SP 800-145
We actively follow the work of the National Institute of Standards and Technology (NIST), part of the U.S. Commerce Department, which over the past year has been very busy in the areas of Cloud Computing and information data security. Yesterday NIST announced “the final release of Special Publication 800-145, The NIST Definition of Cloud Computing.” NIST’s […]
NIST Releases New DRAFT Cloud Computing Synopsis
The National Institute of Standards and Technology (NIST) recently released a new cloud computing draft special publication for public review and comment (see associated press release), which NIST is billing as “its most complete guide to cloud computing to date.” Public comments to NIST on the 84-page SP 800-146 DRAFT Cloud Computing Synopsis and Recommendations (PDF 1.9MB) […]