While references to “the cloud” and “cloud computing” are significantly more familiar than they were five years ago, it remains clear that many organizations implement cloud resources ineffectively – or at least do not understand the implications of the shift. Some all-too-common lines of thinking: We’ve moved our applications to our cloud provider – what does that have to do with our software development life cycle?; Our cloud-platform provider is responsible for securing our applications and data; or We’ve outsourced that – and all the... more
On November 30th, Marriott announced that a guest reservation database on the Starwood side of its business had been breached. Initial reports indicated that upwards of 500 million individuals were affected. The stolen data includes quite sensitive information, such as guest passport details and, likely, payment card information. Although it will probably take time before we fully understand the details of the incident – which appears to have continued unabated since 2014 – there are lessons that we can learn from the details already in... more
$4.8 million. That is an impressive class-action settlement number, particularly when you consider that the automated calls and texts triggering the litigation and settlement arose from a single auto dealership. The auto dealer allegedly (link to complaint) violated the federal Telephone Consumer Protection Act (TCPA) by engaging a third party to deliver ringless voice and text messages to the cell phones of prospective buyers. Beyond the lessons learned by this individual business, the broader message for all organizations is a.) that it continues to be... more
A recent Harris Poll surveyed adults on the topic of corporate social responsibility and found, not surprisingly, that a majority of those asked stated that companies should – or perhaps “ought” – to have a mission beyond profit. What was surprising is that data privacy surpassed healthcare or even supporting veterans as the social issue that people most want companies to address. This follows an April 2018 poll sponsored by IBM evidencing deep concern among consumers about data security. Specifically, 73% of respondents indicated that businesses... more
Organizations of all types are increasingly subject to data theft and loss, whether the asset is customer information, intellectual property, or sensitive company files. The federal government and, thus, its private contractors have long relied upon the National Institute for Standards and Technology (within the Commerce Department) to develop standards and guidance for information protection. One of the most important of these is the fairly recent Cybersecurity Framework, which helps provide structure and context to cybersecurity. Private-sector organizations should be motivated to implement the NIST... more
Welcome to the eBriefcase Management Center. As you assemble your personalized eBriefcase, you may drag to reorder or delete items. Once assembled, you can create a PDF of your eBriefcase.