IDG News Service - The U.S. government's increasing use of cloud computing services could lead to new data security risks, with agencies compelled to put their trust in vendors' security efforts, several lawmakers and a government IT expert said Thursday.
Cloud computing will likely give the U.S. government several benefits, including significantly lower IT costs, but agencies are moving their data to the cloud before the White House Office of Management and Budget (OMB) and supporting agencies have developed a governmentwide security strategy, said Gregory Wilshusen, director of information security issues at the U.S. Government Accountability Office (GAO).
"The use of cloud computing can also create numerous information security risks," Wilshusen told the U.S. House of Representatives Oversight and Government Reform Committee. "These risks generally relate to dependence on the security assurances and practices of a service provider and the sharing of computing resources."
IT executives at 22 of 24 major U.S. agencies surveyed by the GAO raised concerns about cloud computing security, even as officials in President Obama's administration push cloud computing, Wilshusen said. A GAO report released Thursday listed several security concerns: vendors using ineffective security practices, agencies not able to examine the security controls of vendors, cybercriminals targeting data-rich clouds, and agencies losing access to their data if the relationship with a vendor ends.
Several members of the committee also voiced some doubts about the security of cloud computing services.
"I will be particularly interested in details as to how companies believe that they can implement guaranteed security in a cloud environment," said U.S. Rep. Darrell Issa, a California Republican. "As all of you know, we do not guarantee security. We have breaches every week, every month, sometimes every day in government."
Cloud computing could save the U.S. government money and give agencies faster access to new technology, but it also opens up agencies to "unknown security risks" and raises questions about the level of control customers will have over their data, added Representative Diane Watson, a California Democrat. Cloud computing vendors must detail how they will meet federal data security standards, she said.
U.S. government agencies are working together to address security issues, said David McClure, associate administrator in the Office of Citizen Services and Innovative Technologies, U.S. General Services Administration (GSA). Several agencies have joined a new effort called the Federal Risk and Authorization Management Pilot program (FedRAMP), which seeks to develop security and certification standards, he said.
Despite the concerns, cloud computing will improve security, said Mike Bradshaw, director of Google Federal. Cloud computing vendors store data on multiple servers in multiple locations, making it difficult for cybercriminals to target one location, he said. The redundancy also means agencies are protected against disasters, he said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
If you use ‘password,’ one the worst passwords, as your password, fail to keep antivirus protection updated and don’t bother to deploy security patches to close critical vulnerabilities, then maybe you should consider working for the cybersecurity-clueless federal government; you’d fit right in, according to Senator Tom Coburn's cybersecurity and critical infrastructure report.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses
- IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center
- IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results
- Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data
- HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data... All Government IT White Papers
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- All Government IT Webcasts