Category Archives: Security

NIST Issues Draft Recommendations on Cloud Computing

Earlier this month, the Computer Security Division of the National Institute of Standards and Technology (NIST) issued draft recommendations on cloud computing (PDF). As many of you know, NIST is an agency of the U.S. Department of Commerce. Founded in 1901, the agency was the nation’s first physical science research laboratory.

In the e-discovery field, we know it better for its list of 65 million hash values of system and program files (the “NIST” list). We use the list to remove unwanted files before we process documents and other data. The NIST list is the gold standard for our industry Continue reading

With FCPA Actions on the Rise, Search Takes Center Stage

Corporate Counsel magazine recently issued a report that should cause multi-national corporations and their counsel to pay attention: Trend Watch: Foreign Bribery Actions Doubled Last Year.

Specifically, the magazine reported that enforcement actions under the Foreign Corrupt Practices Act (“FCPA”) nearly doubled in 2010, rising to 76 (with complaints against 23 companies and 53 individuals). In 2009, the SEC and Justice Department brought 45 actions (against 12 corporations and 33 individuals). That number was a significant jump again from 2008 when the government brought 37 actions against companies and individuals. Continue reading

NIST Issues Draft Guidelines on Security and Privacy in the Cloud

While everyone who uses cloud computing should be alert to security and privacy issues, lawyers and litigation support professionals have a special responsibility in that regard. Not only are they entrusted with preserving the confidentiality of client communications, but they also play key roles in ensuring that their clients comply with a myriad of laws and regulations pertaining to data. Even so, legal professionals often have far more questions than they do answers about how to evaluate the privacy and security of cloud providers.

Earlier this month, the National Institute of Standards and Technology (NIST) published a draft document, Guidelines on Security and Privacy in Public Cloud Computing (PDF), that provides an overview of the security and privacy challenges pertinent to public cloud computing and suggests factors organizations should consider when outsourcing data, applications and infrastructure to a public cloud environment.

At the same time, NIST launched a new NIST Cloud Computing Collaboration wiki to enable those involved in cloud computing to collaborate in refining the NIST’s standards.

NIST also released a draft that updates its work to create a definition of cloud computing, The NIST Definition of Cloud Computing (Draft) (PDF). NIST is seeking feedback on this draft, as well. Continue reading