Overly on Security

About this Blog:

The legal side of security.

Finding Common Threads in Privacy and Information Security Laws.

The sheer number and variety of laws and regulations that can apply to even small businesses handling sensitive information can be daunting, if not overwhelming. In some instances, it may be almost impossible for even a large, sophisticated organization to identify all applicable laws, reconcile...

Continuing Decline in Cloud Provider Responsibility

I have written previously that one of the primary trends in cloud computing over the last year has been a steady attempt by some, but certainly not all, cloud providers to completely erode most standard customer protections in their agreements. While I have previously focused on the decline in SLA...

Ensure Your Data is Securely Deleted

In any instance in which your data may reside on a vendor’s systems (e.g., cloud engagements, hardware rental engagements, etc.), it is critical to ensure that your data is securely removed from those systems (i) when the agreement terminates and (ii) when any of the systems may be taken out of...

2013 Security Trends

In looking at the security landscape for this year, two trends are clear. Cloud computing and BYOD programs will continue to flourish. Both present a similar challenge to businesses: placing control of data into the hands of third parties or on third party devices.

CIA in the Cloud

No, this isn’t a post about a secretive intelligence agency. Rather, my reference to CIA is to the well-known acronym in the information security industry to “Confidentiality, Integrity, and Availability” of data. The same language is also used in certain privacy laws. Most businesses only...

Overreacting to Information Security

If you have been reading my postings for the last several years, you know I am hardly one to be lax when it comes to information security measures – particularly when information will be shared with business partners and vendors. That said, I am finding a common overreaction among businesses to...

Thoughts on Entering Into Cloud Engagements

Much has been written, including by me, about the risks (and benefits) of cloud engagements. I think a step back may be in order – perhaps even two steps back. That is, I think it is far too easy to lose the forest for the trees in considering the cost-benefit of a proposed cloud engagement.

Social Media Hysteria

In late September, California joined the growing number of states enacting laws precluding employers from taking action against employees and job applicants who refuse to turn over their social media passwords without some form of justification. Such laws should hardly come as a shock. The thought...

Think Carefully Before Collecting Data

In this age of ever plummeting storage costs, some businesses are electing to "store it all" when it comes to consumer data. That is, businesses are storing data regardless of whether there is an actual need with the assumption that it might be of value in the future. This approach, however, can...

Money for Nothing: The New Culture of Cloud Computing

Since my last post, I have worked on a number of cloud engagements. In doing so, I could not help but think of the lyrics to that famous Dire Straits’ song “Money for Nothing” because it seems some cloud providers have adopted those lyrics as the mantra for their businesses. I’m not...
