A "renaissance" field. That’s how VMware Vice President and Chief Privacy Officer Stuart Lee, CIPP/E, CIPP/US, CIPM, FIP, describes the privacy profession. And it’s a particularly “cutting-edge” time, said the multi-cloud service provider’s global privacy operations leader.   “We get to interpret new and exciting technologies and policies into something that can really make a meaningful change for our business and for our stakeholders, and the challenge is you’ve got to be able to think about h... Read More

Data privacy startup Securiti launched its data security cloud platform, DataControls Cloud, while it raised $75 million in Series C funding, TechCrunch reports. The data security cloud is intended to “provide a layer of data protection wherever the data lives,” which could be a major infrastructure provider like AWS or a software-as-a-service application like Salesforce.Full Story... Read More

The U.S. National Institute of Standards and Technology announced its National Cybersecurity Center of Excellence published draft reports examining various aspects of hardware-enabled security for cloud systems. The reports cover techniques and technologies that can improve platform security, an approach for safeguarding container deployments in multi-user cloud systems, and an example solution for leveraging hardware roots of trust to oversee enforcement of security and privacy policies on clou... Read More

The day-to-day business penetration of cloud services has reached an all-time high and is expected to grow further in 2020. With the adoption of cloud services, the regular data controller and data processor setup is also becoming more obsolete and transforms into a data controller (regular data processor), one or more cloud service provider (sub-processor), or data controller (one or more CSP data processors set up in the EU). This implies the threat landscape and privacy risks data controllers... Read More

CyberNews reports researchers discovered an unsecured Google Cloud database containing the personal information of more than 200 million Americans. The server belonged to an unidentified party and contained full names, email addresses, phone numbers and financial information related to mortgage loans. The data was exposed for an unknown period of time before an unidentified party deleted the information March 3. Meanwhile, U.S. District Court Judge Charles Breyer in San Francisco has granted fin... Read More

Large cloud computing services are generally run for multiple users. In a few cases, all the data processed by that service is public. In virtually all cases, users have an expectation that some of the information about them is kept private. Even if the data store itself is public, logs about access to that data are generally not. Keeping each person’s information separate is most simple in the primary data stores, where each object can easily have its own access control list. Once we step into... Read More