In a recent blog post and press kit on Building Confidence in Cloud Computing, Microsoft's General Counsel, Brad Smith, calls for government action to "ensure that a robust privacy and security legal framework exists to protect and provide user rights and benefits in the cloud." Microsoft's statement rightly suggests that in order for the promise of "cloud computing" -- be it applications, software infrastructure for developers or physical computing capacity -- to be realized issues of data protection must be better addressed. The statement appeals to the US government to to update, modernize and strengthen two existing pieces of legislation -- the Electronic Communications Privacy Act (ECPA) and the Computer Fraud and Abuse Act (CFAA). The statement also promotes greater transparency regarding security provided by cloud services providers as well as global collaboration around rules governing access to data for law enforcement purposes.
Train for Success hosted a panel discussion today in Second Life to both look back to 2009 and forward to 2010 and discuss observations and trends in virtual worlds. The other panelists — Sam Driver of ThinkBalm and Doug Thompson of Remedy Communications — are really the experts on virtual worlds and all that is developing in and around them. I spoke primarily about the rise of virtual event platforms, which the other panelists referred to as “pseudo 3D” environments. Despite the denigrating nature of the label, I accepted that the platforms that I have focused on are less rich, and less interactive than Second Life and other “real” virtual worlds. However, as my previous blog post indicates, that richness comes with a downside. The barriers to entry are just too high for the use cases that the “pseudo” virtual environments have specialized in. When using a virtual platform (of any kind) for marketing purposes, targeting a large and diverse audience, the “real” virtual environments just aren’t there yet.
However, I did want to share some of the observations that I made on the panel. My comments were really based on adoption and use cases for “pseudo” virtual environment as tools for B2B marketers. Looking back at 2009, what did you see as highlights, lowlights, and trends in the virtual platform enterprise market?
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.