QUERCUS BLOG
Industry Insights from Our Experts

Tag Archives: Canada

Canadian Legislation and Cloud Security

Comments Off
Filed under Cloud Practice

(…re-post from PaulSPatterson.com)

If you’re a Canadian based enterprise looking into cloud services, you need to understand that Canada has it’s own domestic security policies that, essentially, mirror those of the United States. You’ve likely heard of the United States’ Patriot Act. Canada has it’s own version of the Patriot Act called the Anti-Terrorism Act (Bill C-36), which amended the Canadian Security Intelligence Service Act (CSIS Act) as well as the National Defense Act.

The Anti-Terrorism Act is legislation created in response to the September 11, 2001 attacks in the US. This act amends existing legislation to give Canadian security agencies additional powers to respond to terrorism threats. In effect, the act offers more security and surveillance powers to agencies, when required.  Some of the provisions of act expired in March of 2007, which were not renewed as a result of a House of Commons vote a month earlier.

In 2012, Bill S-7 was introduced in  the Senate. Bill S-7, also known as the “Combating Terrorism Act” sought to restore the expired C-36 provisions, as well as amend new crimes to the bill. The recent bombings in Boston escalated the agenda of S-7, which resulted in a vote in April which saw the bill passed into legislation.

The Anti-Terrorism Act is similar in context to the Patriot Act in the US. What is somewhat different is that Bill C-36 also considers other concerns. Consider the United States Foreign Intelligence Service Court (FISC), which is responsible for issuing surveillance warrants to the likes of the FBI and NSA – basically allowing foreign spies to be spied on. Bill C-36 provides amendments to the CSIS Act that essentially offers the same powers to Canada’s own domestic security and intelligence communities. Considering that Canada is known as a world leader in communications research and technology…

Understanding that these laws are created in the spirit of preventing terrorism, and not meant to be an over arching mechanism to keep tabs on everyone and everything. The immediate thought of a Hollywood type spy movie plot is an unfortunate, and a sensational, scenario that many in the real world immediately think about when first we talk about security and privacy in the cloud. We have the oversight, and general understanding of what the difference is between right and wrong, to mitigate the risks that the legislation is not being used for what it is intended to be used for.

What to know more about Canadian privacy legislation, and then some? Check out this massive list of resources compiled by David T.S. Fraser here…

Also, his blog post by Shaun Calderwood from Perpetual West is another terrific resource for all things cloud security and privacy in Canada.

What are your thoughts on domestic cloud security and privacy concerns?

Canadian Cloud Law

Comments Off
Filed under Cloud Practice

(re-post from the blog of PaulSPatterson.com)

One of my favorite sites these days is David T.S. Fraser’s Canadian Cloud Law Blog (www.cloudlawyer.ca). I can easily answer objections related to using cloud services; especially from people here in Canada. However, I am just one person, and having resources such as David’s blog certainly helps add credibility to the objection handling in my cloud context conversations.

If you are a Canadian organization, or doing business with a Canadian organization, then I encourage you to visit David’s blog. If anything, browse through the Cloud Computing Privacy FAQ on the site. The information on the FAQ is fantastic, and is a great reference point for further cloud privacy conversations.

Remember, using the cloud is not an all-or-nothing proposition. There are private and hybrid cloud opportunities that will address privacy concerns, while still offering real value to the organization. Canadian enterprises specifically can take advantage of these types of integrated cloud scenarios to benefit in ways that will offer a great return.

Data is just a part of the overall solution. Keeping data on-premise while leveraging public cloud services to offload processing, for example, is one scenario that has been proven to be successful. Keeping the data private and within the organizational boundaries keeps data concerns private. Leveraging the elastic nature of cloud services to take care of “spinning up” services when needed takes the load of otherwise important internal IT infrastructure. Data doesn’t need to be stored externally, and when the data is used it is compressed and encrypted for use by external services but not stored externally.

There are plenty of options and opportunities for Canadian enterprises to leverage the cloud. Feel free to send me a note, or contact me directly, with whatever questions or conversations you have. I love talking about this stuff.

Curious to know more about what the cloud means to Canadian organizations? I’d be more than happy to chat about it.

Cheers!

Copyright 2017 by Quercus Solutions
Login