Ding Dong the witch is dead, the wicked witch, the wicked witch.... If you've got a mental munchkin voice narrating this article, for dignity's sake, stop it. Use your own voice.
Happily, SOPA and PIPA have been squashed, tabled, stamped out. (Long Hail Dorothy!) So now, all us auditors and technical compliance folk have to do is come up with a way to control business enabled by cloud and virtualization, such that we actually mitigate risks using the same old familiar tool set. We need to get it done, not just talk about it.
Who among us is actively addressing the concerns raised by ENISA in 2009, on page 6 of Cloud Computing: Benefits, risks and recommendations for information security? The recommendations are that we help customers ensure that they:
- assess the risk of adopting cloud services (... like Twitter, Facebook, Google Docs)
- compare different cloud provider offerings (... like Cloud Passage, Terremark, Savvis, Rackspace)
- obtain assurance from selected cloud providers (... like more comprehensive and current SOC 2)
- reduce the assurance burden on cloud providers (... by implementing or supporting implementation of tools like OpTier, Symplified, VSS Monitoring)
- ISO 27001
- CSA STAR
Just in case you know nothing "ABOUT ENISA", their materials state: The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a center of excellence for the European Member States and European institutions in network and information security, giving advice and recommendations and acting as a switchboard for information on good practices. Moreover, the agency facilitates contacts between European institutions, the Member States, and private business and industry actors.
This work takes place in the context of ENISA’s Emerging and Future Risk program.
This report has been edited by Daniele Catteddu and Giles Hogben.
Internet: http://www.enisa.europa.eu/
Take steps to become educated. SOPA and PIPA are complex problems that we all need to solve. We can't allow others to direct our decisions simply because the problem seemed too complicated to solve ourselves. Make a commitment to spend a month of the coming year gaining new education.
Commit to re-learn what you think you know about business, technology, and privacy. The field has changed, but the application of our principles has not. The first step is to gain education and get involved.
"Don't censor the web", found on Digg 1/17/2012 09:40:00 PM, where David Drummond states:
Right now in Washington D.C., Congress is considering two bills that would censor the web and impose burdensome regulations on American businesses. They’re known as the PROTECT IP Act (PIPA) in the Senate and the Stop Online Piracy Act (SOPA) in the House. Here’s what they’d do:
- PIPA & SOPA will censor the web. These bills would grant new powers to law enforcement to filter the Internet and block access to tools to get around those filters. We know from experience that these powers are on the wish list of oppressive regimes throughout the world. SOPA and PIPA also eliminate due process. They provide incentives for American companies to shut down, block access to and stop servicing U.S. and foreign websites that copyright and trademark owners allege are illegal without any due process or ability of a wrongfully targeted website to seek restitution.
- PIPA & SOPA will risk our industry’s track record of innovation and job creation. These bills would make it easier to sue law-abiding U.S. companies. Law-abiding payment processors and Internet advertising services can be subject to these private rights of action. SOPA and PIPA would also create harmful (and uncertain) technology mandates on U.S. Internet companies, as federal judges second-guess technological measures used by these companies to stop bad actors, and potentially impose inconsistent injunctions on them.
- PIPA & SOPA will not stop piracy. These bills wouldn’t get rid of pirate sites. Pirate sites would just change their addresses in order to continue their criminal activities. There are better ways to address piracy than to ask U.S. companies to censor the Internet. The foreign rogue sites are in it for the money, and we believe the best way to shut them down is to cut off their sources of funding. As a result, Google supports alternative approaches like the OPEN Act.
Because we think there’s a good way forward that doesn’t cause collateral damage to the web, we’re joining Wikipedia, Twitter, Tumblr, Reddit, Mozilla and other Internet companies in speaking out against SOPA and PIPA. And we’re asking you to sign a petition and join the millions who have already reached out to Congress through phone calls, letters and petitions asking them to rethink SOPA and PIPA.
Posted by David Drummond, SVP Corporate Development, and Chief Legal Officer